Offensive Security Digest

Oracle Zero-Days Under Active Exploitation (PeopleSoft & EBS)

Key Questions

What Oracle zero-day vulnerabilities are currently under active exploitation?

Two fresh zero-days are being exploited: PeopleSoft SSRF (CVE-2026-35273) and Oracle EBS Payments (CVE-2026-46817). The EBS flaw is being targeted through patch-diffing techniques against exposed instances.

How was the PeopleSoft vulnerability exploited and what was the impact?

ShinyHunters used the PeopleSoft SSRF flaw (CVE-2026-35273) to breach 100 universities and exfiltrate 40GB of data from the University of Nottingham. This represents real-world enterprise exploitation with direct relevance to red team operations.

What is the status of the Oracle EBS Payments vulnerability (CVE-2026-46817)?

CVE-2026-46817 remains under active exploitation, with approximately 950 exposed instances targeted via file-read attacks. The vulnerability was identified through patch analysis, and the threat continues to develop.

Fresh zero-days in Oracle products are being actively exploited. ShinyHunters exploited the PeopleSoft SSRF flaw (CVE-2026-35273) to breach 100 universities, exfiltrating 40GB from the University of Nottingham. A new Oracle EBS Payments vulnerability (CVE-2026-46817) is under active exploitation via patch-diffing, with 950 exposed instances and targeted file-read attacks. This is real-world enterprise exploitation with direct red team relevance.

Updated Jul 5, 2026