Researchers have confirmed active exploitation of CVE-2026-46817, a critical vulnerability affecting Oracle E-Business Suite’s Oracle Payments File Transmission component. The flaw carries a CVSS score of 9.8 and enables unauthenticated remote attackers to compromise vulnerable systems through specially crafted HTTP requests without requiring valid credentials. Honeypot telemetry indicates exploitation attempts began within days of public disclosure, underscoring the speed at which threat actors weaponize newly disclosed enterprise vulnerabilities. Successful exploitation could allow attackers to gain unauthorized access to sensitive financial systems, execute arbitrary actions within affected Oracle environments, and potentially establish persistence for follow-on attacks. Security researchers observed attackers attempting to access sensitive files and probe vulnerable Oracle Payments endpoints, suggesting efforts to identify and compromise internet-facing deployments before organizations apply available security updates. Organizations running Oracle E-Business Suite should immediately apply Oracle’s latest Critical Patch Update, restrict external access to Oracle application servers, review web server and application logs for suspicious requests targeting Oracle Payments endpoints, and conduct compromise assessments where vulnerable systems were internet accessible. Rapid remediation remains essential as enterprise financial management platforms continue to be attractive targets for financially motivated and state-sponsored threat actors.