CVE-2026-46817
Description
Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Payments. Successful attacks of this vulnerability can result in takeover of Oracle Payments. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
In plain language
AI Act nowCVE-2026-46817 is a critical weakness in Oracle E-Business Suite’s Oracle Payments “File Transmission” feature that lets an attacker remotely read sensitive files and take over the Payments system without logging in; if you run affected Oracle versions (12.2.3–12.2.15), you should treat it as urgent to fix.
CVE-2026-46817 is an unauthenticated remote compromise in Oracle E-Business Suite’s Oracle Payments File Transmission component over HTTP, enabling an attacker to take over the Payments system (including sensitive file access) and impact confidentiality, integrity, and availability.
What to do now
- Check whether you run Oracle E-Business Suite (Oracle Payments / File Transmission) on a supported, affected release: 12.2.3 through 12.2.15.
- Verify whether the Payments File Transmission endpoint (the ibytransmit HTTP endpoint) is reachable from untrusted networks (for example, the internet) or otherwise exposed.
- Apply Oracle’s provided remediation from the Oracle security alert for CVE-2026-46817 as soon as possible.
- After patching, retest that the ibytransmit endpoint is no longer reachable from untrusted networks and monitor for any repeated exploit attempts.
CVSS Vector Breakdown
AV:NAttack VectorAC:LAttack ComplexityPR:NPrivileges RequiredUI:NUser InteractionS:UScopeC:HConfidentialityI:HIntegrityA:HAvailabilityWeaknesses
Affected Products
Exploitability
Attack Graph
Click technique nodes for MITRE ATT&CK details · drag to pan · Ctrl/⌘ + scroll to zoom, or go fullscreen.
MITRE ATT&CK
3 techniquesReferences
Unlock Complete Vulnerability Intelligence
Get the full picture for CVE-2026-46817 and every CVE in our database. Create a free account — no credit card required.
Create Free Account