Remote Code Execution Vulnerability in Oracle JD Edwards EnterpriseOne General Ledger
CVE-2026-46893

9.9CRITICAL

Key Information:

Vendor

Oracle

Vendor
CVE Published:
16 June 2026

What is CVE-2026-46893?

A security vulnerability in Oracle JD Edwards EnterpriseOne General Ledger component allows a low-privileged attacker with network access via SMB to exploit the system. While the risk is contained within the JD Edwards EnterpriseOne General Ledger, successful exploitation may have cascading effects on other connected products. If compromised, attackers could gain control over the General Ledger module, severely affecting the integrity and confidentiality of sensitive financial data.

Affected Version(s)

JD Edwards EnterpriseOne General Ledger 9.2

References

CVSS V3.1

Score:
9.9
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.