Unauthorized Access Vulnerability in JD Edwards EnterpriseOne Tools by Oracle
CVE-2026-46912

9.3CRITICAL

Key Information:

Vendor

Oracle

Vendor
CVE Published:
16 June 2026

What is CVE-2026-46912?

A vulnerability exists in JD Edwards EnterpriseOne Tools that can be easily exploited by unauthenticated attackers through HTTP access. This issue affects versions 9.2.0.0 to 9.2.26.2, allowing potential attackers to gain unauthorized access to sensitive data connected to JD Edwards tools. Successful exploitation may lead to unauthorized updates, insertion, or deletion of data, representing a significant risk to organizations utilizing the platform. Given the interconnected nature of software systems, compromise of JD Edwards may also result in broader impacts on related applications and data security.

Affected Version(s)

JD Edwards EnterpriseOne Tools 9.2.0.0 <= 9.2.26.2

References

CVSS V3.1

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.