CVE-2026-46907 – JD Edwards EnterpriseOne Order Promising
“A critical weakness in supply chain planning can quickly become a business continuity problem.”
This patch addresses CVE-2026-46907 in Oracle JD Edwards EnterpriseOne Order Promising. The vulnerability affects the Order Promising component, which plays a key role in inventory availability, fulfillment planning, and order management processes across enterprise environments.
CVE-2026-46907 has a CVSS score of 9.9, which is Critical severity.
No verified exploitation has been reported. However, the Critical severity rating indicates a significant risk to affected systems. Because Order Promising supports essential supply chain and fulfillment operations, organizations should prioritize remediation to reduce exposure and maintain operational integrity.
Key Details
- Affected Product
- Oracle Jd Edwards Enterpriseone Global Order Promising
- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- Low
- User Interaction
- None
- CWE Classification
- CWE-284