Active exploitation has been observed against a critical Oracle E-Business Suite vulnerability affecting Oracle Payments. The flaw could allow attackers to manipulate payment processes, amend bank account details, generate fraudulent invoices, exfiltrate sensitive financial data and potentially redirect outbound payments to attacker-controlled accounts.
The vulnerability is tracked as CVE-2026-46817 and affects Oracle Payments within Oracle E-Business Suite.
With Oracle Payments widely used across enterprise environments, the issue presents both direct compromise risk and wider financial exposure for organisations connected through payment or operational workflows.