A significant vulnerability in Oracle's E-Business Suite is currently being exploited by threat actors, as reported by threat intelligence company Defused. The flaw, identified as CVE-2026-46817 with a critical CVSS score of 9.8, is located in the File Transmissions component of the Payments product in E-Business Suite. This vulnerability allows unauthenticated attackers to execute remote attacks over HTTP, potentially leading to a full compromise of Oracle Payments. Oracle addressed this issue in their first monthly Critical Security Patch Update in late May, which included fixes for 77 vulnerabilities. Defused reported that over the past weekend, initial attempts to exploit this flaw were detected in their EBS honeypots. There have been no prior reports of in-the-wild exploitation, nor is there a public proof-of-concept exploit available. Given the severity of this vulnerability and the recent exploitation attempts, organizations are urged to apply Oracle's patches immediately. Historically, vulnerabilities in Oracle's E-Business Suite and other products are common targets for attack campaigns, as demonstrated by past incidents involving groups like Cl0p and ShinyHunters. The urgency of applying patches is highlighted by these ongoing threats.