CVE-2026-46908 – JD Edwards EnterpriseOne Accounts Payable & General Ledger
“Critical ERP vulnerabilities can put core financial operations directly at risk.”
This patch addresses three vulnerabilities in Oracle JD Edwards EnterpriseOne financial applications. CVE-2026-46908 and CVE-2026-46891 affect Accounts Payable, while CVE-2026-46893 affects General Ledger. These systems support sensitive financial workflows, making successful compromise especially serious for enterprise operations.
CVE-2026-46908 has a CVSS score of 9.9, which is Critical severity. CVE-2026-46891 has a CVSS score of 8.1, which is High severity. CVE-2026-46893 has a CVSS score of 9.9, which is Critical severity.
No verified exploitation has been reported. The presence of two Critical severity vulnerabilities in financial application components raises the urgency of applying the patch across affected JD Edwards environments.
Key Details
- Affected Product
- Oracle Jd Edwards Enterpriseone Accounts Payable
- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- Low
- User Interaction
- None
- CWE Classification
- CWE-284