Critical Oracle, Kemp, and Linux flaws come under active attack

Security teams are staring down a fresh batch of serious flaws that attackers are already turning against real targets, according to Check Point Research's latest weekly threat bulletin. Several of the bugs are unauthenticated and internet-facing, the combination that gives attackers the easiest path in, and public exploit code is circulating for more than one of them.

Oracle E-Business Suite under fire

The most widely exploited of the batch is CVE-2026-46817, a critical remote code execution flaw in Oracle E-Business Suite, the ERP platform many large firms use to run finance, procurement, and HR. Check Point says it has reportedly been exploited against roughly 950 internet-exposed instances worldwide, and that a successful attack can hand an intruder control of the entire ERP system. Anyone running E-Business Suite exposed to the internet should treat patching as urgent and check for signs of compromise.

Kemp LoadMaster and a Linux root bug

Progress has patched CVE-2026-8037, an operating-system command injection flaw in its Kemp LoadMaster load balancers that carries a near-maximum severity score of 9.6. Exploitation attempts started on June 29, and the bug can let an unauthenticated attacker run commands remotely on a vulnerable appliance. Separately, Linux kernel maintainers fixed CVE-2026-46242, a "Bad Epoll" use-after-free race condition that lets an unprivileged local user escalate to root. It affects Linux servers, desktops, and Android devices, and researchers have demonstrated a reliable public exploit, which usually means opportunistic abuse follows quickly.

NetScaler, again

The bulletin also flags continued attacks on Citrix NetScaler ADC and Gateway via CVE-2026-8451, a memory-disclosure flaw that can leak session tokens and was exploited within a day of disclosure. IntelFusions covered that vulnerability when it surfaced; see our earlier report on the NetScaler memory-overread flaw.

What you should do

Prioritize the internet-facing systems first: patch Oracle E-Business Suite and Kemp LoadMaster immediately, apply the latest Linux kernel updates on multi-user hosts, and make sure NetScaler appliances are current with their sessions rotated. Where a public exploit already exists, assume scanning is underway and hunt for signs of exploitation rather than simply installing the fix. The Oracle exposure echoes a run of enterprise-software attacks this year, including ShinyHunters abusing an Oracle PeopleSoft zero-day against universities.

This briefing is provided by IntelFusions for informational and defensive purposes only. It is based on sources assessed to be reliable at the time of writing, and analytic judgments carry the confidence levels indicated. Indicators of compromise are defanged; re-arm them only in controlled environments. IntelFusions is not affiliated with the organizations named and makes no warranty as to completeness or accuracy.

Read the full analysis on IntelFusions