PatchSiren cyber security CVE debrief
CVE-2026-46905 Oracle Corporation CVE debrief
A critical vulnerability was discovered in JD Edwards EnterpriseOne Tools, affecting versions 9.2.0.0-9.2.26.2. This vulnerability, tracked as CVE-2026-46905, allows unauthenticated attackers with network access via HTTP to compromise JD Edwards EnterpriseOne Tools, potentially leading to a takeover of the system. The vulnerability is located in the Web Runtime Security component and has a CVSS 3.1 Base Score of 9.8, indicating a high impact on confidentiality, integrity, and availability. The vulnerability is easily exploitable, and successful attacks can result in a complete takeover of the system.
- Vendor
- Oracle Corporation
- Product
- JD Edwards EnterpriseOne Tools
- CVSS
- CRITICAL 9.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-17
- Original CVE updated
- 2026-06-18
- Advisory published
- 2026-06-17
- Advisory updated
- 2026-06-18
Who should care
Organizations using JD Edwards EnterpriseOne Tools versions 9.2.0.0-9.2.26.2 should prioritize patching this vulnerability to prevent potential system compromise. The vulnerability can be exploited by unauthenticated attackers with network access via HTTP, making it a high-risk vulnerability. Security teams and operators should review the official advisory and take immediate action to patch the vulnerability.
Technical summary
The vulnerability, tracked as CVE-2026-46905, is located in the Web Runtime Security component of JD Edwards EnterpriseOne Tools. It has a CVSS 3.1 Base Score of 9.8, indicating a high impact on confidentiality, integrity, and availability. The vulnerability is easily exploitable and allows unauthenticated attackers with network access via HTTP to compromise the system. The affected versions are 9.2.0.0-9.2.26.2. The vulnerability can be mitigated by applying the patch provided by Oracle Corporation.
Defensive priority
High
Recommended defensive actions
- Apply the patch provided by Oracle Corporation as soon as possible
- Review and update inventory of JD Edwards EnterpriseOne Tools installations
- Implement compensating controls such as network segmentation and monitoring
- Verify and enforce secure configurations for JD Edwards EnterpriseOne Tools
- Review relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
Evidence notes
The CVE record was published on 2026-06-17T10:54:08.277Z and was last modified on 2026-06-18T20:50:27.210Z. The NVD entry is currently Analyzed. This information is based on the NVD entry and the CVE record. The vulnerability affects JD Edwards EnterpriseOne Tools versions 9.2.0.0-9.2.26.2. Evidence of exploitation has not been reported. Defenders should verify the affected versions and review the official advisory for further details.
Official resources
-
CVE-2026-46905 CVE record
CVE.org
-
CVE-2026-46905 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:54:08.277Z and has not been modified since then. The NVD entry is currently Analyzed.