PatchSiren cyber security CVE debrief
CVE-2026-46906 Oracle Corporation CVE debrief
A critical vulnerability was discovered in JD Edwards EnterpriseOne Tools, affecting versions 9.2.0.0-9.2.26.2. This easily exploitable vulnerability allows a low-privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools, potentially impacting additional products. Successful attacks can result in unauthorized creation, deletion, or modification access to critical data or all JD Edwards EnterpriseOne Tools accessible data, as well as unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Tools accessible data.
- Vendor
- Oracle Corporation
- Product
- JD Edwards EnterpriseOne Tools
- CVSS
- CRITICAL 9.6
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-17
- Original CVE updated
- 2026-06-18
- Advisory published
- 2026-06-17
- Advisory updated
- 2026-06-18
Who should care
Organizations using JD Edwards EnterpriseOne Tools versions 9.2.0.0-9.2.26.2 should prioritize patching this vulnerability. The CVSS score of 9.6 indicates a high severity level, and the potential for scope change impacts additional products.
Technical summary
The vulnerability is located in the Enterprise Infrastructure Security component of JD Edwards EnterpriseOne Tools. It has a CVSS 3.1 Base Score of 9.6, with Confidentiality and Integrity impacts. The CVSS Vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N. The vulnerability allows a low-privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks can result in unauthorized creation, deletion, or modification access to critical data or all JD Edwards EnterpriseOne Tools accessible data, as well as unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Tools accessible data. This could significantly impact additional products due to the potential for scope change.
Defensive priority
High priority should be given to patching this vulnerability due to its critical severity and potential for significant impact.
Recommended defensive actions
- Apply the patch from Oracle Corporation as soon as possible
- Review and update network access controls to limit exposure
- Monitor for any suspicious activity related to JD Edwards EnterpriseOne Tools
- Consider implementing compensating controls if patching is not immediately feasible
- Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
Evidence notes
The CVE record was published on 2026-06-17T10:54:08.387Z and was last modified on 2026-06-18T20:50:43.710Z. The NVD entry is currently Analyzed. The vulnerability affects JD Edwards EnterpriseOne Tools versions 9.2.0.0-9.2.26.2. Evidence of exploitation or impact is not currently available, but defenders should verify the patch status of their deployments and monitor for suspicious activity related to JD Edwards EnterpriseOne Tools.
Official resources
-
CVE-2026-46906 CVE record
CVE.org
-
CVE-2026-46906 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:54:08.387Z and has not been modified since then. The NVD entry is currently Analyzed.