Sourced News

Atom Brief

Thu, Jul 16, 2026 · 16 stories · Confirmed · Subscribe
CYBERSECURITY

CISA Orders Agencies To Patch Oracle Payments Within Three Days

Oracle's flaw needs no login and can fully compromise Payments over HTTP, while a KNX building automation bug lets attackers wipe every connected device.

  • CVE-2026-46817: unauthenticated attacker via HTTP can fully compromise Oracle E-Business Suite Payments.
  • CVE-2023-4346: a KNX lockout mechanism lets attackers purge devices and lock them with a BCU key.
  • Federal agencies must patch Oracle by July 18, KNX by July 29, per BOD 26-04.

Why it matters: These deadlines bind only federal agencies; every other Oracle and KNX operator patches purely by choice.

CISA Known Exploited Vulnerabilities Catalog (JSON feed) ↗ · Jul 16, 20267/16/26 · ✓ Checked✓ Check

Join the community.

Every story checked against the primary document.