The Circuitry
THE CIRCUITRYYour one-stop source for all tech news
HOMETODAYNEWSFEEDEVENTS
BOOKMARKS
RSS
© 2026 The Circuitry
About UsSourcesContactCorrectionsPrivacy
  • Today
  • Feed
  • Events
  • Saved
Scroll for more
Verification
VERIFIEDConfidence: HIGH
Source identified
Claims cross-referenced
No discrepancies found
Fact-check summary

CISA KEV entry for Oracle E-Business Suite CVE-2026-46817 reported on 2026-07-15; no corroborating coverage from other outlets found.

1 caveat
  • ▲No independent confirmation located for the July 15 addition to the KEV catalog or the KNX CVE entry.
Sourcing
1source

via CISA KEV

Markets
ORCL···

Live quote · not investment advice

Home/Tech/CISA Adds KNX Protocol CVE-2023-4346 to KEV Catalog
VERIFIEDBy Xavier Rivera· ·1 min read

CISA Adds KNX Protocol CVE-2023-4346 to KEV Catalog

CISA added CVE-2023-4346 affecting KNX Association KNX Protocol Connection Authorization Option 1 to its Known Exploited Vulnerabilities catalog on 2026-07-15. Federal agencies must finish remediation by 2026-07-29. The overly restrictive account lockout mechanism could let attackers purge devices and set a BCU key when extra security options remain disabled, so organizations must apply vendor mitigations under BOD 26-04.

Source:CISA KEV
Post
CISA Adds KNX Protocol CVE-2023-4346 to KEV Catalog
TL;DRAI · 60 sec read

CISA adds KNX Protocol CVE-2023-4346 to its Known Exploited Vulnerabilities catalog. The flaw lets attackers wipe unprotected devices and lock them with BCU keys, so agencies must apply vendor fixes by July 29 under BOD 26-04. CISA also adds an Oracle E-Business Suite issue the same day.

CISA placed the vulnerability tracked as CVE-2023-4346 into its Known Exploited Vulnerabilities catalog. The entry targets KNX Association KNX Protocol Connection Authorization Option 1, which reportedly features an overly restrictive account lockout mechanism.

The flaw could allow an attacker to purge all devices without additional security options enabled and set a BCU key to lock the device. According to the catalog description, this issue might enable adversaries to wipe devices lacking further protections and then apply a BCU key that prevents normal operation.
The flaw could allow an attacker to purge all devices without additional security options enabled and set a BCU key to lock the device.

Catalog officials recorded the addition on 2026-07-15. Federal agencies face a remediation deadline of 2026-07-29.
From The CircuitryThe Feed — live briefs across tech, all day.See what’s happening →
Required action centers on vendor mitigations and BOD 26-04 compliance. Agencies must follow vendor-provided guidance while meeting CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk directive and its Forensics Triage Requirements. Each organization bears responsibility for assessing internet-facing assets and applying the mandated patching rules.
It allows unauthenticated takeover of Oracle Payments.
For cloud environments the same BOD 26-04 rules apply; products without workable fixes should be taken out of service. The directive itself stresses risk-based prioritization of security updates.
Related Oracle E-Business Suite vulnerability also added the same day. The catalog entry for CVE-2026-46817 describes an Oracle E-Business Suite Improper Privilege Management Vulnerability. It allows unauthenticated takeover of Oracle Payments.

EXPERT TAKE

Organizations running Oracle E-Business Suite must treat this as an immediate priority given confirmed exploitation and the tight three-day remediation window for federal systems.

Why this mattersAI · ~100 words

Tap a lens to see what this story means for you.

Reader-supported
DonateBuy me a coffee →Follow@thecircuitry_ →Follow@thecircuitry.to →

Reader-supported · Daily Brief

Daily brief at 7 AM ET. Top tech stories, every morning. Sourced and fact-checked.

HELP US IMPROVE
From The Circuitry

See what’s happening right now

The Feed runs all day — short, verified briefs the moment they break.

Open the Feed →
From The Circuitry

Follow @thecircuitry_

Every story we publish, as it happens. No noise between.

Follow on X ↗On Bluesky ↗

Reader-supported

The Circuitry is a passion project I've always wanted to build, and I love the work behind it.

Running it costs real money. APIs, hosting, time. To keep improving the site and growing this into something useful for everyone, those costs have to be covered.

Any contribution is appreciated. If not, no pressure. Thanks for reading.

Buy me a coffee
OracleSecurityVulnerability
More inTech
  • Report: OnePlus to Pull Out of US and Europe

    Tech · 2h
  • Samsung reveals tougher Flex Titanium foldable screen

    Tech · 3h
  • New York Governor Enacts One-Year Moratorium on High-Power Data Centers

    Tech · 4h
SupportThe Work

The Circuitry is reader-supported. If you find the daily brief useful, you can buy me a coffee to keep it going.

Buy a coffee →
SubscribeCircuitry Brief

Daily brief at 7 AM ET. Top tech stories, every morning.

MORE IN TECH

Report: OnePlus to Pull Out of US and Europe

Bloomberg reports that OnePlus will exit the U.S. and European smartphone markets as part of restructuring at owner Oppo, with the move possibly starting as soon as this week. The brand's earlier popularity has faded while Chinese suppliers face mounting pressure from memory chip costs and declining shipments in key regions.

Samsung reveals tougher Flex Titanium foldable screen

Samsung has introduced Flex Titanium, a thinner and mechanically stiffer foldable display that reduces visible creases and power consumption. The panel, built on experience from seven prior generations, will launch in the Galaxy Z Fold 8 series and may supply Apple’s expected folding iPhone.

New York Governor Enacts One-Year Moratorium on High-Power Data Centers

Governor Kathy Hochul signed a one-year moratorium Tuesday blocking new hyperscaler data centers that need 50 megawatts or more while agencies draft environmental rules and community-benefit templates. The pause addresses rising residential power prices, which have climbed nearly 68 percent since 2019, and the roughly 30 grid-connection requests filed between 2020 and 2025.