CVE-2026-46908 – JD Edwards EnterpriseOne Accounts Payable & General Ledger

CVSS 9.9 CRITICAL Critical or Zero Day – Immediate Deployment

“Critical ERP vulnerabilities can put core financial operations directly at risk.”

This patch addresses three vulnerabilities in Oracle JD Edwards EnterpriseOne financial applications. CVE-2026-46908 and CVE-2026-46891 affect Accounts Payable, while CVE-2026-46893 affects General Ledger. These systems support sensitive financial workflows, making successful compromise especially serious for enterprise operations.

CVE-2026-46908 has a CVSS score of 9.9, which is Critical severity. CVE-2026-46891 has a CVSS score of 8.1, which is High severity. CVE-2026-46893 has a CVSS score of 9.9, which is Critical severity.

No verified exploitation has been reported. The presence of two Critical severity vulnerabilities in financial application components raises the urgency of applying the patch across affected JD Edwards environments.

Key Details

Affected Product
Oracle Jd Edwards Enterpriseone Accounts Payable
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
CWE Classification
CWE-284
Patch this CVE on all your endpoints in under 5 minutes. First 200 endpoints are free forever, scale as needed.