PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-46906 Oracle Corporation CVE debrief

A critical vulnerability was discovered in JD Edwards EnterpriseOne Tools, affecting versions 9.2.0.0-9.2.26.2. This easily exploitable vulnerability allows a low-privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools, potentially impacting additional products. Successful attacks can result in unauthorized creation, deletion, or modification access to critical data or all JD Edwards EnterpriseOne Tools accessible data, as well as unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Tools accessible data.

Vendor
Oracle Corporation
Product
JD Edwards EnterpriseOne Tools
CVSS
CRITICAL 9.6
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-17
Original CVE updated
2026-06-18
Advisory published
2026-06-17
Advisory updated
2026-06-18

Who should care

Organizations using JD Edwards EnterpriseOne Tools versions 9.2.0.0-9.2.26.2 should prioritize patching this vulnerability. The CVSS score of 9.6 indicates a high severity level, and the potential for scope change impacts additional products.

Technical summary

The vulnerability is located in the Enterprise Infrastructure Security component of JD Edwards EnterpriseOne Tools. It has a CVSS 3.1 Base Score of 9.6, with Confidentiality and Integrity impacts. The CVSS Vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N. The vulnerability allows a low-privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks can result in unauthorized creation, deletion, or modification access to critical data or all JD Edwards EnterpriseOne Tools accessible data, as well as unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Tools accessible data. This could significantly impact additional products due to the potential for scope change.

Defensive priority

High priority should be given to patching this vulnerability due to its critical severity and potential for significant impact.

Recommended defensive actions

  • Apply the patch from Oracle Corporation as soon as possible
  • Review and update network access controls to limit exposure
  • Monitor for any suspicious activity related to JD Edwards EnterpriseOne Tools
  • Consider implementing compensating controls if patching is not immediately feasible
  • Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented

Evidence notes

The CVE record was published on 2026-06-17T10:54:08.387Z and was last modified on 2026-06-18T20:50:43.710Z. The NVD entry is currently Analyzed. The vulnerability affects JD Edwards EnterpriseOne Tools versions 9.2.0.0-9.2.26.2. Evidence of exploitation or impact is not currently available, but defenders should verify the patch status of their deployments and monitor for suspicious activity related to JD Edwards EnterpriseOne Tools.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:54:08.387Z and has not been modified since then. The NVD entry is currently Analyzed.