CVE-2026-46905 – JD Edwards EnterpriseOne Tools
“A broad set of critical ERP tool vulnerabilities can put the business platform itself at risk.”
This patch addresses fourteen vulnerabilities in Oracle JD Edwards EnterpriseOne Tools. The update includes thirteen Critical severity vulnerabilities and one High severity vulnerability affecting a core ERP platform component that supports enterprise application operations, administration, and business workflows.
CVE-2026-46878, CVE-2026-46879, CVE-2026-46880, CVE-2026-46881, CVE-2026-46882, CVE-2026-46883, CVE-2026-46904, CVE-2026-46905, and CVE-2026-46909 each have a CVSS score of 9.8, which is Critical severity. CVE-2026-46906 has a CVSS score of 9.6, which is Critical severity. CVE-2026-46910 has a CVSS score of 9.1, which is Critical severity. CVE-2026-46912 and CVE-2026-46913 each have a CVSS score of 9.3, which is Critical severity. CVE-2026-46903 has a CVSS score of 8.8, which is High severity.
No verified exploitation has been reported. The volume and severity of these vulnerabilities make this a high-priority update for JD Edwards environments.
Key Details
- Affected Product
- Oracle Jd Edwards Enterpriseone Tools
- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- None
- User Interaction
- None
- CWE Classification
- CWE-306