CVE-2026-46913: Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where JD Edwards EnterpriseOne Tools executes to compromise JD Edwards EnterpriseOne Tools. While the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of JD Edwards EnterpriseOne Tools. in Oracle Corporation JD Edwards EnterpriseOne Tools
A critical vulnerability (CVE-2026-46913) exists in Oracle JD Edwards EnterpriseOne Tools (versions 9.2.0.0 through 9.2.26.2) that allows an unauthenticated attacker with logon access to the infrastructure to compromise the product. Successful exploitation can lead to full takeover of JD Edwards EnterpriseOne Tools and may impact additional products. The vulnerability has a CVSS 3.1 base score of 9.3, indicating high confidentiality, integrity, and availability impacts. Oracle has released a Critical Security Patch Update addressing this and many other vulnerabilities and strongly recommends applying patches promptly. No explicit patch version or remediation level is stated for this specific CVE in the advisory, so users should consult Oracle's June 2026 Critical Security Patch Update for details.
AI Analysis
Technical Summary
CVE-2026-46913 is a critical vulnerability in Oracle JD Edwards EnterpriseOne Tools affecting versions 9.2.0.0 through 9.2.26.2. It allows an unauthenticated attacker who has logon access to the underlying infrastructure to compromise the JD Edwards EnterpriseOne Tools component. The vulnerability can lead to complete takeover of the product and potentially impact other Oracle products (scope change). The CVSS 3.1 vector indicates the attack requires local access (AV:L), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and results in high impact on confidentiality, integrity, and availability (C:H/I:H/A:H). Oracle’s June 2026 Critical Security Patch Update advisory references this vulnerability among 245 addressed security issues and urges customers to apply patches promptly. No direct patch link or fixed version is explicitly provided for this CVE in the advisory content.
Potential Impact
Successful exploitation of this vulnerability can result in full compromise and takeover of JD Edwards EnterpriseOne Tools, impacting confidentiality, integrity, and availability of the system. Additionally, due to scope change, other Oracle products integrated or dependent on JD Edwards EnterpriseOne Tools may also be significantly affected. The vulnerability requires only local logon access but no authentication or user interaction, making it easily exploitable in environments where an attacker has infrastructure access.
Mitigation Recommendations
Oracle strongly recommends applying the June 2026 Critical Security Patch Update, which includes fixes for this vulnerability among others. Until patches are applied, risk may be reduced by restricting network protocols required for exploitation and limiting privileges or package access to only necessary users. Oracle advises customers to remain on actively supported versions and apply security patches without delay. Patch status for this specific vulnerability is not explicitly stated; users must consult the Oracle June 2026 Critical Security Patch Update advisory for current patch availability and installation instructions.
CVE-2026-46913: Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where JD Edwards EnterpriseOne Tools executes to compromise JD Edwards EnterpriseOne Tools. While the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of JD Edwards EnterpriseOne Tools. in Oracle Corporation JD Edwards EnterpriseOne Tools
Description
A critical vulnerability (CVE-2026-46913) exists in Oracle JD Edwards EnterpriseOne Tools (versions 9.2.0.0 through 9.2.26.2) that allows an unauthenticated attacker with logon access to the infrastructure to compromise the product. Successful exploitation can lead to full takeover of JD Edwards EnterpriseOne Tools and may impact additional products. The vulnerability has a CVSS 3.1 base score of 9.3, indicating high confidentiality, integrity, and availability impacts. Oracle has released a Critical Security Patch Update addressing this and many other vulnerabilities and strongly recommends applying patches promptly. No explicit patch version or remediation level is stated for this specific CVE in the advisory, so users should consult Oracle's June 2026 Critical Security Patch Update for details.
CVSS v3.1
Score 9.3critical
Affected software
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-46913 is a critical vulnerability in Oracle JD Edwards EnterpriseOne Tools affecting versions 9.2.0.0 through 9.2.26.2. It allows an unauthenticated attacker who has logon access to the underlying infrastructure to compromise the JD Edwards EnterpriseOne Tools component. The vulnerability can lead to complete takeover of the product and potentially impact other Oracle products (scope change). The CVSS 3.1 vector indicates the attack requires local access (AV:L), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and results in high impact on confidentiality, integrity, and availability (C:H/I:H/A:H). Oracle’s June 2026 Critical Security Patch Update advisory references this vulnerability among 245 addressed security issues and urges customers to apply patches promptly. No direct patch link or fixed version is explicitly provided for this CVE in the advisory content.
Potential Impact
Successful exploitation of this vulnerability can result in full compromise and takeover of JD Edwards EnterpriseOne Tools, impacting confidentiality, integrity, and availability of the system. Additionally, due to scope change, other Oracle products integrated or dependent on JD Edwards EnterpriseOne Tools may also be significantly affected. The vulnerability requires only local logon access but no authentication or user interaction, making it easily exploitable in environments where an attacker has infrastructure access.
Mitigation Recommendations
Oracle strongly recommends applying the June 2026 Critical Security Patch Update, which includes fixes for this vulnerability among others. Until patches are applied, risk may be reduced by restricting network protocols required for exploitation and limiting privileges or package access to only necessary users. Oracle advises customers to remain on actively supported versions and apply security patches without delay. Patch status for this specific vulnerability is not explicitly stated; users must consult the Oracle June 2026 Critical Security Patch Update advisory for current patch availability and installation instructions.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- oracle
- Date Reserved
- 2026-05-18T15:55:10.311Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","vendor":"Oracle"}]
Threat ID: 6a31b6270b89be6888265fab
Added to database: 6/16/2026, 8:46:31 PM
Last enriched: 6/16/2026, 9:31:13 PM
Last updated: 6/17/2026, 5:01:03 AM
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.