PatchSiren cyber security CVE debrief
CVE-2026-46912 Oracle Corporation CVE debrief
A critical vulnerability was discovered in JD Edwards EnterpriseOne Tools, a product of Oracle JD Edwards. The vulnerability, tracked as CVE-2026-46912, affects versions 9.2.0.0-9.2.26.2 and allows unauthenticated attackers with network access via HTTP to compromise the system. Successful attacks can result in unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Tools accessible data, as well as unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data.
- Vendor
- Oracle Corporation
- Product
- JD Edwards EnterpriseOne Tools
- CVSS
- CRITICAL 9.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-17
- Original CVE updated
- 2026-06-17
- Advisory published
- 2026-06-17
- Advisory updated
- 2026-06-17
Who should care
Organizations using JD Edwards EnterpriseOne Tools versions 9.2.0.0-9.2.26.2 should prioritize patching this vulnerability to prevent potential attacks. The vulnerability's critical severity and potential for significant impact on additional products make it essential for affected organizations to take immediate action.
Technical summary
The vulnerability, CVE-2026-46912, in JD Edwards EnterpriseOne Tools' Web Runtime Security component, allows unauthenticated attackers with network access via HTTP to compromise the system. Successful attacks can result in unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Tools accessible data, as well as unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data. The CVSS 3.1 Base Score is 9.3, indicating a critical severity level, with high impacts on confidentiality and integrity. Organizations must prioritize patching, conduct thorough inventory checks, and implement compensating controls to limit the attack surface. Regular monitoring and data backups are also essential.
Defensive priority
High
Recommended defensive actions
- Apply the patch provided by Oracle Corporation as soon as possible
- Conduct a thorough inventory of JD Edwards EnterpriseOne Tools instances to ensure all affected versions are identified and patched
- Implement compensating controls, such as network segmentation or access restrictions, to limit the attack surface
- Monitor system logs and network traffic for potential exploitation attempts
- Verify the integrity of JD Edwards EnterpriseOne Tools data and perform regular backups
Evidence notes
The CVE record was published on 2026-06-17T10:54:09.020Z and has not been modified since then. The NVD entry is currently Analyzed. The vulnerability is described in the Oracle Security Alert for CSPU June 2026.
Official resources
-
CVE-2026-46912 CVE record
CVE.org
-
CVE-2026-46912 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:54:09.020Z and has not been modified since then. The NVD entry is currently Analyzed.