Emergency Security Bulletin: Oracle Payments File Transmission Vulnerability


By: RedLegg's Cyber Threat Intelligence Team

About:

CVE-2026-20253 is a critical vulnerability in Splunk Enterprise that allows unauthenticated attackers to create or modify files via a PostgreSQL sidecar service endpoint. With confirmed exploitation and inclusion in CISA’s KEV catalog, the flaw poses a serious risk to system integrity and availability. Immediate patching or service mitigation is strongly recommended.

RedLegg will occasionally communicate vulnerabilities released outside the usual release schedule to provide additional value to our customers. These emergency bulletins describe vulnerabilities or threats we classify as the highest severity level and warrant out-of-band emergency patching or mitigation action.


VULNERABILITIES

Oracle Payments File Transmission Vulnerability

 

Identifier: CVE-2026-46817

PoC or Exploitation:

As of Oracle's May 2026 Critical Security Patch Update, Oracle has not confirmed active exploitation of CVE-2026-46817.
 
However, Defused Cyber has documented in-the-wild exploitation of CVE-2026-46817 against Oracle E-Business Suite honeypots. The researchers observed six unauthenticated exploitation attempts on June 27, 2026, targeting the Oracle Payments File Transmission component before any public proof-of-concept became available.

 
CVSS Score: 9.8 (Critical, CVSS v3.1)

Update / Patch:

Oracle addressed CVE-2026-46817 as part of the May 2026 Critical Security Patch Update.
 
Affected Product:
 
Oracle E-Business Suite
 
Affected Component:
 
Oracle Payments – File Transmission
 
Affected Versions:
 
Oracle Payments 12.2.3 through 12.2.15
 
Patch Guidance:
 
Oracle recommends applying the May 2026 Critical Security Patch Update for Oracle E-Business Suite.
 
Patch acquisition, prerequisites, and deployment instructions are provided through My Oracle Support Knowledge Document KA923.
 
Vendor advisory and patch guidance:
 
 
My Oracle Support Knowledge Document:
 

 

 

Description:

CVE-2026-46817 is a critical vulnerability affecting the Oracle Payments File Transmission component of Oracle E-Business Suite.
 
The vulnerability is remotely exploitable over HTTP without authentication and may allow an attacker with network access to completely compromise the Oracle Payments application.
 
Oracle Payments is commonly used to process, transmit, and manage financial transactions between Oracle E-Business Suite and external banking or payment systems. Successful exploitation could enable attackers to gain unauthorized access to sensitive financial information, manipulate payment processing workflows, alter transmitted payment files, disrupt financial operations, or establish persistence within the Oracle E-Business Suite environment.

 

Mitigation Recommendation:

Immediately apply the May 2026 Oracle Critical Security Patch Update for Oracle E-Business Suite.
 
Prioritize remediation of internet-facing Oracle E-Business Suite deployments and systems exposing Oracle Payments over HTTP.
 
Review Oracle E-Business Suite application logs, web server logs, and audit records for suspicious HTTP requests, unexpected administrative activity, unauthorized payment processing operations, or abnormal file transmission events.
 
Conduct compromise assessments on vulnerable Oracle Payments environments, particularly those accessible from untrusted networks.
 
Restrict external access to Oracle E-Business Suite applications where operationally feasible and limit administrative access to trusted management networks.