Vulnerability in JD Edwards EnterpriseOne Tools by Oracle
CVE-2026-46906

9.6CRITICAL

Key Information:

Vendor

Oracle

Vendor
CVE Published:
16 June 2026

What is CVE-2026-46906?

A security flaw exists in Oracle's JD Edwards EnterpriseOne Tools that allows a low-privileged attacker to exploit the vulnerability with network access via HTTP. This could lead to unauthorized manipulation of critical data, including creation, deletion, or modification of information. The vulnerability affects specific versions of the software, potentially compromising the integrity and confidentiality of the data managed by JD Edwards EnterpriseOne Tools. Attacks exploiting this issue may have far-reaching consequences, impacting not just the tools themselves, but the broader enterprise systems using them.

Affected Version(s)

JD Edwards EnterpriseOne Tools 9.2.0.0 <= 9.2.26.2

References

CVSS V3.1

Score:
9.6
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.