Part of Lyceum Intelligence — deep-research In Focus reports → · Lyceum Corpus — ask the documents →

Full-text search across 381 articles. Typo-tolerant.

CVE-2026-46817 -- CVSS 9.8 Vulnerability Briefing

CVE-2026-46817 | CVSS 9.8 (Critical) | Exploit: PoC available

What Is It

CVE-2026-46817 is a critical unauthenticated remote compromise vulnerability affecting the File Transmission component of Oracle Payments within Oracle E-Business Suite versions 12.2.3 through 12.2.15.

Technical Detail

The flaw exists in the File Transmission component of Oracle Payments and can be triggered by an unauthenticated attacker over HTTP with no user interaction required and no elevated privileges needed, placing it in the highest-risk category of network-exploitable vulnerabilities. Oracle's advisory describes the outcome as full takeover of the Oracle Payments application, which implies the ability to achieve remote code execution or equivalent control over the affected system, with confirmed impact across confidentiality, integrity, and availability. The low attack complexity rating indicates the vulnerability is reliably exploitable without specialized conditions or race conditions.

Exploitation Status

A proof-of-concept exploit is publicly available as of this writing. This vulnerability is not currently listed in CISA's Known Exploited Vulnerabilities catalog, meaning active in-the-wild exploitation has not been formally confirmed by CISA. However, the combination of a public PoC, a CVSS score of 9.8, and a zero-authentication attack path significantly elevates the risk of exploitation in the near term.

Who Is Targeting This

No specific threat actor attribution at this time. Neither confirmed nor reported threat actor associations have been identified in connection with this vulnerability. Organizations should not interpret the absence of attribution as an indicator of low threat, given the severity and public availability of exploit code.

What To Do

Apply Oracle's patch for this vulnerability immediately, prioritizing any internet-facing or network-accessible Oracle E-Business Suite deployments running versions 12.2.3 through 12.2.15. If patching cannot be completed immediately, restrict HTTP access to the Oracle Payments File Transmission component at the network perimeter using firewall rules or web application firewall controls to limit exposure to trusted IP ranges only. Monitor application and web server logs for anomalous unauthenticated HTTP requests targeting the File Transmission component. Given the public PoC availability, treat this as a high-priority patch cycle item regardless of current KEV status and verify patch application through change management records.

All analysis →

Deep-research intelligence reports from Lyceum Intelligence — structured assessments with sourced claims and calibrated conclusions.

Browse Intelligence Reports →