CVE-2026-46907 – JD Edwards EnterpriseOne Order Promising

CVSS 9.9 CRITICAL Critical or Zero Day – Immediate Deployment

“A critical weakness in supply chain planning can quickly become a business continuity problem.”

This patch addresses CVE-2026-46907 in Oracle JD Edwards EnterpriseOne Order Promising. The vulnerability affects the Order Promising component, which plays a key role in inventory availability, fulfillment planning, and order management processes across enterprise environments.

CVE-2026-46907 has a CVSS score of 9.9, which is Critical severity.

No verified exploitation has been reported. However, the Critical severity rating indicates a significant risk to affected systems. Because Order Promising supports essential supply chain and fulfillment operations, organizations should prioritize remediation to reduce exposure and maintain operational integrity.

Key Details

Affected Product
Oracle Jd Edwards Enterpriseone Global Order Promising
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
CWE Classification
CWE-284
Patch this CVE on all your endpoints in under 5 minutes. First 200 endpoints are free forever, scale as needed.