Oracle Zero-Days Under Active Exploitation (PeopleSoft & EBS)
Key Questions
What Oracle zero-day vulnerabilities are currently under active exploitation?
Two fresh zero-days are being exploited: PeopleSoft SSRF (CVE-2026-35273) and Oracle EBS Payments (CVE-2026-46817). The EBS flaw is being targeted through patch-diffing techniques against exposed instances.
How was the PeopleSoft vulnerability exploited and what was the impact?
ShinyHunters used the PeopleSoft SSRF flaw (CVE-2026-35273) to breach 100 universities and exfiltrate 40GB of data from the University of Nottingham. This represents real-world enterprise exploitation with direct relevance to red team operations.
What is the status of the Oracle EBS Payments vulnerability (CVE-2026-46817)?
CVE-2026-46817 remains under active exploitation, with approximately 950 exposed instances targeted via file-read attacks. The vulnerability was identified through patch analysis and continues to develop as a threat.
Fresh zero-days in Oracle products are being actively exploited. ShinyHunters exploited the PeopleSoft SSRF flaw (CVE-2026-35273) to breach 100 universities, exfiltrating 40GB from the University of Nottingham. A new Oracle EBS Payments vulnerability (CVE-2026-46817) is under active exploitation via patch-diffing, with 950 exposed instances and targeted file-read attacks. This is real-world enterprise exploitation with direct red team relevance.