Exploit for Improper Authentication in Oracle E-Business_Suite CVE-2026-46817

Name: Exploit for Improper Authentication in Oracle E-Business_Suite CVE-2026-46817
Rating: 5 (4 reviews)
2026-06-30 | CVSS 9.8
## https://sploitus.com/exploit?id=DCB07824-2947-51F9-8738-1630098A0772
# CVE-2026-46817 Proof of Concept

**Oracle E-Business Suite File Transmission Path Traversal**

---

## ⚠️ LEGAL DISCLAIMER

**THIS SOFTWARE IS PROVIDED FOR EDUCATIONAL AND AUTHORIZED SECURITY TESTING PURPOSES ONLY.**

By using this software, you agree that:

1. **You will ONLY use this tool on systems you own or have explicit written authorization to test**
2. **Unauthorized access to computer systems is illegal** under various laws including the Computer Fraud and Abuse Act (CFAA) in the United States and similar legislation worldwide
3. **The authors assume NO liability** for misuse, damages, or legal consequences resulting from the use of this software
4. **You are solely responsible** for ensuring your use complies with all applicable laws and regulations

**If you are unsure whether you have permission to test a system, YOU DO NOT HAVE PERMISSION.**

---

## Overview

| Attribute | Details |
|-----------|---------|
| **CVE ID** | CVE-2026-46817 |
| **Vendor** | Oracle Corporation |
| **Product** | Oracle E-Business Suite (EBS) |
| **Component** | Oracle Payments - File Transmission |
| **Severity** | Critical (CVSS 9.8) |
| **Attack Vector** | Network-based, unauthenticated |
| **Patch Status** | Available (May 2026 CSPU) |

### Description

CVE-2026-46817 is an improper privilege management and authentication vulnerability in Oracle E-Business Suite's Payments module. The File Transmission component fails to properly validate user-supplied file paths, allowing unauthenticated attackers to read arbitrary files from the underlying filesystem via path traversal.

This vulnerability is being **actively exploited in the wild** as of June 2026.

---

## Affected Versions

- Oracle E-Business Suite 12.2.3
- Oracle E-Business Suite 12.2.4
- Oracle E-Business Suite 12.2.5
- Oracle E-Business Suite 12.2.6
- Oracle E-Business Suite 12.2.7
- Oracle E-Business Suite 12.2.8
- Oracle E-Business Suite 12.2.9
- Oracle E-Business Suite 12.2.10
- Oracle E-Business Suite 12.2.11
- Oracle E-Business Suite 12.2.12
- Oracle E-Business Suite 12.2.13
- Oracle E-Business Suite 12.2.14
- Oracle E-Business Suite 12.2.15

---

## Installation

### Prerequisites

- Python 3.7+
- `requests` library

### Setup

```bash
# Clone or download the repository
git clone https://github.com/yourusername/cve-2026-46817-poc.git
cd cve-2026-46817-poc

# Install dependencies
pip install requests

# Or use a virtual environment (recommended)
python3 -m venv venv
source venv/bin/activate  # On Windows: venv\Scripts\activate
pip install requests