Vulnerability in JD Edwards EnterpriseOne Project Costing by Oracle
CVE-2026-46911

9.6CRITICAL

Key Information:

Vendor

Oracle

Vendor
CVE Published:
16 June 2026

What is CVE-2026-46911?

A security flaw exists in Oracle's JD Edwards EnterpriseOne Project Costing that allows a low-privileged attacker with network access via JDENET to manipulate data. This vulnerability enables unauthorized creation, deletion, or modification of critical data, potentially impacting the confidentiality and integrity of the data within JD Edwards EnterpriseOne Project Costing. Exploitation of this vulnerability not only affects the Project Costing product but may also extend its impact to other interconnected systems. Organizations using affected versions are advised to implement security measures to mitigate risks.

Affected Version(s)

JD Edwards EnterpriseOne Project Costing 9.2

References

CVSS V3.1

Score:
9.6
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.