PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-46893 Oracle Corporation CVE debrief

A critical vulnerability was discovered in JD Edwards EnterpriseOne General Ledger, a product of Oracle JD Edwards. The vulnerability, tracked as CVE-2026-46893, has a CVSS score of 9.9, indicating a high severity level. The affected version is 9.2, and the vulnerability is exploitable by low-privileged attackers with network access via SMB. This vulnerability is located in the E1 Foundation component of JD Edwards EnterpriseOne General Ledger. Successful attacks of this vulnerability can result in takeover of JD Edwards EnterpriseOne General Ledger. The vulnerability's high CVSS score and the fact that it's easily exploitable make it a critical concern for organizations using this product.

Vendor
Oracle Corporation
Product
JD Edwards EnterpriseOne General Ledger
CVSS
CRITICAL 9.9
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-17
Original CVE updated
2026-06-26
Advisory published
2026-06-17
Advisory updated
2026-06-26

Who should care

Organizations using JD Edwards EnterpriseOne General Ledger version 9.2 should prioritize patching this vulnerability to prevent potential attacks. The vulnerability's high CVSS score and the fact that it's easily exploitable make it a critical concern. Security teams and vulnerability management teams should review the CVE record and vendor advisory to understand the affected scope and severity. IT teams responsible for maintaining JD Edwards EnterpriseOne General Ledger should plan for vendor-supported updates or mitigations through normal change control.

Technical summary

The vulnerability is located in the E1 Foundation component of JD Edwards EnterpriseOne General Ledger. It allows low-privileged attackers with network access via SMB to compromise the product. The vulnerability has a CVSS vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H, indicating a high impact on confidentiality, integrity, and availability. The vulnerability can be exploited by low-privileged attackers, which increases the attack surface. The affected product, JD Edwards EnterpriseOne General Ledger, is a critical component of many organizations' financial systems.

Defensive priority

Highest Priority due to the high CVSS score and the potential for significant impact on confidentiality, integrity, and availability. Immediate action is required to patch the vulnerability and prevent potential attacks. Compensating controls should be reviewed and implemented to mitigate potential impacts while remediation is scheduled and verified. Monitoring and detection capabilities should be checked for exposed assets that need extra review. Exceptions should be tracked, and remediated assets should be retested before closing the item.

Recommended defensive actions

  • Apply the patch provided by Oracle Corporation as soon as possible
  • Restrict network access to JD Edwards EnterpriseOne General Ledger
  • Monitor for suspicious activity
  • Implement compensating controls to mitigate potential impacts
  • Verify the integrity of the system and data

Evidence notes

The CVE record was published on 2026-06-17T10:54:07.013Z and last modified on 2026-06-26T03:44:44.707Z. The NVD entry is currently Analyzed. The vulnerability is in JD Edwards EnterpriseOne General Ledger, a product of Oracle JD Edwards, specifically in the E1 Foundation component. The vulnerability has a CVSS score of 9.9, indicating a high severity level. The affected version is 9.2, and the vulnerability is exploitable by low-privileged attackers with network access via SMB. The CVE record was obtained from the NVD database, which is a comprehensive vulnerability database maintained by the US National Institute of Standards and Technology (NIST). The information provided is based on the data available up to the last modification date.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:54:07.013Z and has not been modified since then. The NVD entry is currently Analyzed.