CISA BOD 26-04 Oracle EBS patch order
Public Sector Action
Summary
Hide ▲
Show ▼
CISA ordered U.S. government agencies to patch vulnerable Oracle E-Business Suite instances by Saturday, July 18, tightening federal exposure to an actively exploited flaw. The directive covers CVE-2026-46817, a critical bug in the Oracle Payments File Transmission component that can let an unauthenticated attacker over HTTP take over affected systems. The order was issued under Binding Operational Directive (BOD) 26-04 after CISA added the flaw to its list of known exploited security issues.
Related Happenings
Oracle E-Business Suite unauth HTTP takeover security flaw (CVE-2026-46817)
Vulnerability
H score52
First: 29.06.2026 16:46
Last: 29.06.2026 16:46
Sources 1
How related:
Discovered in the File Transmission component of EBS's Oracle Payments product and tracked as CVE-2026-46817, this security flaw allows unauthenticated threat actors with HTTP network access to take over vulnerable systems in low-complexity attacks.
About this happening:
Oracle E-Business Suite CVE-2026-46817 is under active exploitation, putting Oracle Payments deployments at takeover risk. The flaw allows unauthenticated HTTP a...
Oracle E-Business Suite unauth HTTP takeover security flaw (CVE-2026-46817)
VulnerabilityHow related: Discovered in the File Transmission component of EBS's Oracle Payments product and tracked as CVE-2026-46817, this security flaw allows unauthenticated threat actors with HTTP network access to take over vulnerable systems in low-complexity attacks.
About this happening: Oracle E-Business Suite CVE-2026-46817 is under active exploitation, putting Oracle Payments deployments at takeover risk. The flaw allows unauthenticated HTTP a...
Latest development: 16.07.2026 13:56
CISA ordered U.S. federal agencies to secure Oracle E-Business Suite systems by Saturday, July 18, after confirming active exploitation of CVE-2026-46817 and adding it to its known exploited security flaws list. Oracle E-Business Suite's Oracle Payments File Transmission component allows an unauthenticated attacker with HTTP access to compromise Oracle Payments.
Oracle E-Business Suite May 2026 Critical Security Patch Update (CVE-2026-46817)
Security Patch Release
H score53
First: 29.06.2026 16:46
Last: 29.06.2026 16:46
Sources 1
How related:
Oracle released security updates to address the security issue with its May 2026 Critical Security Patch Update, urging customers to patch their systems immediately.
About this happening:
Oracle's May 2026 Critical Security Patch Update addressed CVE-2026-46817 in Oracle E-Business Suite, a critical flaw in Oracle Payments that could let an...
Oracle E-Business Suite May 2026 Critical Security Patch Update (CVE-2026-46817)
Security Patch ReleaseHow related: Oracle released security updates to address the security issue with its May 2026 Critical Security Patch Update, urging customers to patch their systems immediately.
About this happening: Oracle's May 2026 Critical Security Patch Update addressed CVE-2026-46817 in Oracle E-Business Suite, a critical flaw in Oracle Payments that could let an...
Latest development: 16.07.2026 13:56
CISA ordered U.S. federal agencies to secure Oracle E-Business Suite systems by Saturday, July 18, after confirming ongoing attacks against CVE-2026-46817 in Oracle Payments. Defused said it observed exploitation on Oracle E-Business honeypots over the weekend, and Oracle had already released the May 2026 Critical Security Patch Update for the flaw.
Federal civilian executive branch agency hit by network compromise
Incident
H score21
First: 24.04.2026 23:34
Last: 24.04.2026 23:34
Sources 1
About this happening:
A federal civilian executive branch agency was compromised in an early September 2025 intrusion that left attackers with persistent access on Cisco Firepower and Sec...
Federal civilian executive branch agency hit by network compromise
IncidentAbout this happening: A federal civilian executive branch agency was compromised in an early September 2025 intrusion that left attackers with persistent access on Cisco Firepower and Sec...
FIRESTARTER malware on Cisco ASA and FTD devices
Malware Activity
H score33
First: 23.04.2026 15:00
Last: 23.04.2026 15:00
Sources 1
About this happening:
CISA has published analysis of FIRESTARTER, a malware strain that enables remote access and control on Cisco Firepower and Secure Firewall devices, raising the ris...
FIRESTARTER malware on Cisco ASA and FTD devices
Malware ActivityAbout this happening: CISA has published analysis of FIRESTARTER, a malware strain that enables remote access and control on Cisco Firepower and Secure Firewall devices, raising the ris...
Latest development: 24.04.2026 23:34
CISA, NCSC-UK, and Cisco detailed Firestarter persistence on Cisco Firepower and Secure Firewall devices running ASA or FTD software, attributing the backdoor to UAT-4356 and linking the activity to ArcaneDoor. The malware modifies CSP_MOUNT_LIST, stores a copy in /opt/cisco/platform/logs/var/log/svc_samcore.log, restores itself to /usr/bin/lina_cs, and relaunches after termination or reboot; Cisco recommends reimaging and upgrading to fixed releases, or using a cold restart only if reimaging is not possible.
CISA KEV listing and FCEB ActiveMQ patch order
Public Sector Action
H score70
First: 17.04.2026 12:30
Last: 17.04.2026 12:30
Sources 1
About this happening:
CISA added CVE-2026-34197 to the KEV Catalog and ordered FCEB agencies to patch Apache ActiveMQ servers within two weeks. The directive sets a hard April...
CISA KEV listing and FCEB ActiveMQ patch order
Public Sector ActionAbout this happening: CISA added CVE-2026-34197 to the KEV Catalog and ordered FCEB agencies to patch Apache ActiveMQ servers within two weeks. The directive sets a hard April...
Timeline
-
16.07.2026 13:56 2 articles · 1h ago
CISA orders federal agencies to patch exploited Oracle E-Business Suite flaw
Legal Policy Action UpdateCISA ordered U.S. federal agencies to secure Oracle E-Business Suite systems by Saturday, July 18, after confirming that attackers were actively exploiting CVE-2026-46817. The flaw affects the Oracle Payments File Transmission component and can let an unauthenticated attacker with HTTP access take over vulnerable systems; Oracle had already released fixes in its May 2026 Critical Security Patch Update and urged customers to patch immediately.
Show sources
- CISA orders feds to patch actively exploited Oracle flaw by Saturday — www.bleepingcomputer.com — 16.07.2026 13:56
- CISA orders feds to patch actively exploited Oracle flaw by Saturday — www.bleepingcomputer.com — 16.07.2026 13:56