Part of Lyceum Intelligence — deep-research In Focus reports → · Lyceum Corpus — ask the documents →

Full-text search across 381 articles. Typo-tolerant.

[KEV] CVE-2026-46817 -- CVSS 0.0 Vulnerability Briefing

[KEV] CVE-2026-46817 | CVSS 0.0 (Low) | Exploit: Operational

What Is It

CVE-2026-46817 is an improper privilege management vulnerability in Oracle E-Business Suite affecting the Oracle Payments component, exploitable by unauthenticated attackers over HTTP.

Technical Detail

The flaw stems from improper privilege management within the Oracle Payments module of Oracle E-Business Suite, allowing a remote, unauthenticated attacker with network access via HTTP to interact with the component without valid credentials. The precise mechanism of exploitation has not been publicly detailed, but the vulnerability class indicates the attacker can bypass expected authorization controls to assume elevated or administrative privileges within the Payments subsystem. Successful exploitation results in full takeover of Oracle Payments, which may include unauthorized access to payment records, transaction manipulation, and lateral movement within the broader E-Business Suite environment.

Exploitation Status

CISA has confirmed active exploitation in the wild, with this vulnerability added to the Known Exploited Vulnerabilities catalog on July 15, 2026. The exploit maturity is rated Operational, meaning a functional exploit capable of reliable, targeted use exists and has been deployed against real-world targets. This is not a proof-of-concept scenario; the vulnerability is being actively weaponized.

Who Is Targeting This

Confirmed (ATTAX-verified): UNC3886, a threat actor of Chinese origin operating with nation-state motivation, has been attributed with high confidence to exploitation of this vulnerability. UNC3886 is a well-documented espionage-focused group with a history of targeting enterprise infrastructure, particularly internet-facing management and financial systems, to support long-term access and intelligence collection objectives. No additional reported actors have been identified at this time.

What To Do

Organizations running Oracle E-Business Suite should apply Oracle's patch for CVE-2026-46817 immediately. Per CISA's Known Exploited Vulnerabilities catalog binding directive, federal agencies are required to remediate this vulnerability by the deadline associated with the July 15, 2026 addition date, typically within 14 days for actively exploited vulnerabilities. All organizations, regardless of sector, should treat this as a critical priority given the operational exploit status and confirmed nation-state exploitation. If patching cannot be completed immediately, restrict network access to Oracle E-Business Suite and the Payments component at the perimeter, enforce allowlisting for HTTP access to the application, and audit authentication and access logs for anomalous unauthenticated requests to Payments-related endpoints. Monitor for unexpected privilege changes, new administrative account creation, and unusual outbound connections from E-Business Suite hosts as indicators of post-exploitation activity.

All analysis →

Deep-research intelligence reports from Lyceum Intelligence — structured assessments with sourced claims and calibrated conclusions.

Browse Intelligence Reports →