PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-46905 Oracle Corporation CVE debrief

A critical vulnerability was discovered in JD Edwards EnterpriseOne Tools, affecting versions 9.2.0.0-9.2.26.2. This vulnerability, tracked as CVE-2026-46905, allows unauthenticated attackers with network access via HTTP to compromise JD Edwards EnterpriseOne Tools, potentially leading to a takeover of the system. The vulnerability is located in the Web Runtime Security component and has a CVSS 3.1 Base Score of 9.8, indicating a high impact on confidentiality, integrity, and availability. The vulnerability is easily exploitable, and successful attacks can result in a complete takeover of the system.

Vendor
Oracle Corporation
Product
JD Edwards EnterpriseOne Tools
CVSS
CRITICAL 9.8
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-17
Original CVE updated
2026-06-18
Advisory published
2026-06-17
Advisory updated
2026-06-18

Who should care

Organizations using JD Edwards EnterpriseOne Tools versions 9.2.0.0-9.2.26.2 should prioritize patching this vulnerability to prevent potential system compromise. The vulnerability can be exploited by unauthenticated attackers with network access via HTTP, making it a high-risk vulnerability. Security teams and operators should review the official advisory and take immediate action to patch the vulnerability.

Technical summary

The vulnerability, tracked as CVE-2026-46905, is located in the Web Runtime Security component of JD Edwards EnterpriseOne Tools. It has a CVSS 3.1 Base Score of 9.8, indicating a high impact on confidentiality, integrity, and availability. The vulnerability is easily exploitable and allows unauthenticated attackers with network access via HTTP to compromise the system. The affected versions are 9.2.0.0-9.2.26.2. The vulnerability can be mitigated by applying the patch provided by Oracle Corporation.

Defensive priority

High

Recommended defensive actions

  • Apply the patch provided by Oracle Corporation as soon as possible
  • Review and update inventory of JD Edwards EnterpriseOne Tools installations
  • Implement compensating controls such as network segmentation and monitoring
  • Verify and enforce secure configurations for JD Edwards EnterpriseOne Tools
  • Review relevant monitoring, detection, and logs for exposed assets that need extra review
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up

Evidence notes

The CVE record was published on 2026-06-17T10:54:08.277Z and was last modified on 2026-06-18T20:50:27.210Z. The NVD entry is currently Analyzed. This information is based on the NVD entry and the CVE record. The vulnerability affects JD Edwards EnterpriseOne Tools versions 9.2.0.0-9.2.26.2. Evidence of exploitation has not been reported. Defenders should verify the affected versions and review the official advisory for further details.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:54:08.277Z and has not been modified since then. The NVD entry is currently Analyzed.