NCSC-2026-0206 [1.00] [M/H] Vulnerabilities fixed in Oracle JD Edwards EnterpriseOne
Oracle has fixed multiple vulnerabilities in Oracle JD Edwards EnterpriseOne, including the Tools, Accounts Payable, Human Resources Management, General Ledger, Order Promising, and Project Costing modules, specifically for versions 9.2.0.0 to 9.2.26.2. The vulnerabilities in Oracle JD Edwards EnterpriseOne allow an attacker to gain full control over the system without authentication or with low privileges via network access (HTTP or SMB). This includes creating, deleting, or modifying critical data, gaining unauthorized access to sensitive information, and causing a denial-of-service by crashing the system. The vulnerabilities affect the confidentiality, integrity, and availability of the system. Some vulnerabilities may also impact other related Oracle products due to the integrated nature of the suite.
CSIRTS triage
- What
- Vulnerabilities could allow attackers to gain full control over the system without authentication.
- Who is affected
- Users of Oracle JD Edwards EnterpriseOne versions 9.2.0.0 to 9.2.26.2.
- Urgency
- Remediation is urgent due to the potential for complete system compromise.
- Action
- Users should apply the updates provided by Oracle.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch JD Edwards EnterpriseOne
Get an email when a new JD Edwards EnterpriseOne advisory drops — max one per day, one-click unsubscribe.
Details
Original advisory: https://advisories.ncsc.nl/advisory?id=NCSC-2026-0206
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Low exploitation riskCVE-2026-468780.48% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 38% of all scored CVEs.
- Low exploitation riskCVE-2026-468790.48% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 38% of all scored CVEs.
- Low exploitation riskCVE-2026-468800.48% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 38% of all scored CVEs.
- Low exploitation riskCVE-2026-468810.47% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 38% of all scored CVEs.
- Low exploitation riskCVE-2026-468820.47% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 38% of all scored CVEs.
- Low exploitation riskCVE-2026-468830.47% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 38% of all scored CVEs.
- Low exploitation riskCVE-2026-468910.34% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 26% of all scored CVEs.
- Low exploitation riskCVE-2026-468920.40% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 32% of all scored CVEs.
- Low exploitation riskCVE-2026-468930.30% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 22% of all scored CVEs.
- Low exploitation riskCVE-2026-469030.40% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 32% of all scored CVEs.
Referenced CVEs
More from NCSC-NL Advisories
- unknownNCSC-2026-0223 [1.00] [M/H] Vulnerabilities fixed in BeyondTrust Remote Support and Privileged Remote Access2026-07-10
- unknownNCSC-2026-0222 [1.00] [M/H] Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition2026-07-10
- unknownNCSC-2026-0221 [1.00] [M/H] Vulnerabilities fixed in UniFi products from Ubiquiti Networks2026-07-07
- unknownNCSC-2026-0220 [1.00] [M/H] Vulnerabilities fixed in Rancher by Rancher Labs2026-07-03
- unknownNCSC-2026-0219 [1.00] [M/H] Vulnerabilities fixed in GitHub Enterprise Server2026-07-03