Description
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Enterprise Infrastructure Security). Supported versions that are affected are 9.2.0.0-9.2.26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via JDENET to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in takeover of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Published: 2026-06-16
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw exists in the Enterprise Infrastructure Security component of Oracle’s JD Edwards EnterpriseOne Tools and enables an unauthenticated network attacker to execute arbitrary code with application privileges. Successful exploitation results in complete takeover of the tools, affecting confidentiality, integrity, and availability of the entire application. The vulnerability carries a CVSS 3.1 base score of 9.8.

Affected Systems

Versions of JD Edwards EnterpriseOne Tools ranging from 9.2.0.0 to 9.2.26.2 are vulnerable. The JDENET service component, reachable over the network, is the attack surface. Any deployment in this version range exposed to JDENET traffic is at risk unless a patch or later release is installed.

Risk and Exploitability

The CVSS score highlights high impact on all security properties. While the EPSS score is below 1%, indicating currently low exploitation probability, the vulnerability is still readily exploitable without authentication and over a network interface. The flaw is not listed in CISA’s KEV catalog, yet it presents a serious risk for systems that expose JDENET to untrusted networks. An attacker can trigger the vulnerability by sending crafted JDENET traffic from any remote host, leveraging the lack of authentication and low attack complexity.

Generated by OpenCVE AI on June 17, 2026 at 19:13 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply Oracle’s patch for CVE-2026-46881 or upgrade to a version later than 9.2.26.2, ensuring the Enterprise Infrastructure Security component is fixed.
  • If a patch is unavailable, restrict JDENET network access to trusted hosts only, close or firewall-filter the JDENET port, and segment the network to isolate the service.
  • Enable detailed auditing of JDENET activity, review logs for anomalous traffic, and perform regular vulnerability scans to detect exploitation attempts.



Advisories

No advisories yet.

History

Tue, 16 Jun 2026 20:45:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Enterprise Infrastructure Security). Supported versions that are affected are 9.2.0.0-9.2.26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via JDENET to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in takeover of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). |
| First Time appeared | | Oracle; Oracle jd Edwards Enterpriseone Tools |
| CPEs | | cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* |
| Vendors & Products | | Oracle; Oracle jd Edwards Enterpriseone Tools |
| References | | |
| Metrics | | cvssV3_1: {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'} |


MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-06-17T15:21:52.423Z

Reserved: 2026-05-18T15:55:10.309Z

Link: CVE-2026-46881

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-17T01:00:15Z

Weaknesses

No weakness.