Security researchers have identified around 950 internet-facing Oracle E-Business Suite (EBS) instances following expanded internet scanning, while attackers have already begun exploiting CVE-2026-46817 in real-world attacks.
The findings were shared by The Shadowserver Foundation, which recently enhanced its scanning capabilities through domain-based fingerprinting in collaboration with Validin. Although the scan did not verify whether every exposed system is vulnerable, it highlights a large number of publicly accessible Oracle EBS deployments that could become targets.
Active Exploitation Detected
Researchers at DefusedCyber have observed active exploitation attempts targeting CVE-2026-46817, indicating that threat actors are already scanning for vulnerable Oracle E-Business Suite servers.
The vulnerability was addressed in Oracle’s May 2026 Critical Patch Update (CPU). While Oracle has released limited technical details, the flaw is considered serious because Oracle EBS often manages sensitive business information, including financial, HR, and operational data.
Compromising these systems could allow attackers to gain unauthorized access, steal sensitive information, or move laterally across enterprise networks.
Exposure and Security Recommendations
Shadowserver’s public dashboard provides visibility into exposed Oracle EBS systems worldwide, while its Device ID reporting service helps organizations identify internet-facing Oracle E-Business Suite instances within their environments.
To reduce the risk of compromise, organizations should:
- Apply Oracle’s latest security patches immediately.
- Restrict public access to Oracle EBS servers.
- Enable strong authentication and access controls.
- Monitor logs for suspicious activity.
- Deploy Web Application Firewall (WAF) protections.
- Segment Oracle EBS servers from critical internal networks.
With hundreds of Oracle E-Business Suite instances exposed and attackers actively exploiting CVE-2026-46817, organizations should prioritize patching and review externally accessible systems before they become targets of compromise.