CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-46910

unknowncovered by 1 sourcefirst seen 2026-06-17
Oracle has fixed multiple vulnerabilities in Oracle JD Edwards EnterpriseOne, including the Tools, Accounts Payable, Human Resources Management, General Ledger, Order Promising, and Project Costing modules, specifically for versions 9.2.0.0 to 9.2.26.2. The vulnerabilities in Oracle JD Edwards EnterpriseOne allow an attacker to gain full control over the system without authentication or with low privileges via network access (HTTP or SMB). This includes creating, deleting, or modifying critical data, gaining unauthorized access to sensitive information, and causing a denial-of-service by crashing the system. The vulnerabilities affect the confidentiality, integrity, and availability of the system. Some vulnerabilities may also impact other related Oracle products due to the integrated nature of the suite.

CSIRTS triage

What
Vulnerabilities could allow attackers to gain full control over the system without authentication.
Who is affected
Users of Oracle JD Edwards EnterpriseOne versions 9.2.0.0 to 9.2.26.2.
Urgency
Remediation is urgent due to the potential for complete system compromise.
Action
Users should apply the updates provided by Oracle.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch CVE-2026-46910

Get an email if CVE-2026-46910 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (1)

External references

NVD record for CVE-2026-46910

CVE.org record

Embed the live status

CVE-2026-46910 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-46910 status](https://www.csirts.com/badge/CVE-2026-46910)](https://www.csirts.com/cve/CVE-2026-46910)