CRITICAL · CVE-2026-46879 · CNA: oracle

CVE-2026-46879: Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Enterprise Infrastructure Security)

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Enterprise Infrastructure Security). Supported versions that are affected are 9.2.0.0-9.2.26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via JDENET to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in takeover of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Metrics

  • CVSS v3.1: 9.8
  • Severity: CRITICAL
  • Fixed in: none published
  • Affected Products: 1


HarborGuard Analysis

Synopsis

This is an unauthenticated remote compromise vulnerability in Oracle JD Edwards EnterpriseOne Tools, specifically within the Enterprise Infrastructure Security component, reachable over the network via the JDENET protocol. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N) indicates that the vulnerability is exploitable over the network, requires no credentials and no victim interaction, and has low attack complexity, meaning the exploit is reliable with no special conditions. Successful exploitation results in full takeover of JD Edwards EnterpriseOne Tools, with high impact on confidentiality, integrity, and availability. No fix versions have been published by Oracle; HarborGuard tracks this advisory and will make a patched rebuild available the moment upstream ships a fix.

HarborGuard Coverage

Detection

Detection capability for CVE-2026-46879 is available across every HarborGuard environment, with the CVE ingested from upstream feeds and matched against customer images within minutes of publication. This matching covers all image sources in customer registries and CI pipelines, including custom-built images that package Oracle JD Edwards EnterpriseOne Tools at any affected version in the 9.2.0.0 through 9.2.26.2 range.

Status: Available

Triage

HarborGuard scores this CVE at 9.8 Critical using the published CVSS v3.1 vector, surfacing it at the top of any affected image's vulnerability list. Per-environment compliance policy weighting is available to adjust routing priority, ensuring the alert reaches the appropriate security or platform team inbox within each customer organization.

Status: Available

Patch

Because no upstream fix version has been published for this CVE, HarborGuard re-examines the Oracle advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment Oracle ships a remediated release. In the interim, HarborGuard surfaces this CVE for manual review and supports compensating-control workflows such as network-policy isolation of JDENET-exposed workloads.

Status: Pending upstream

Exploit Conditions

  • Network reachability: Required

    The attacker must reach the JD Edwards EnterpriseOne Tools service over the network via the JDENET protocol; no local or physical access is required.

  • Authentication: Not required

    No credentials of any privilege level are needed; the vulnerability is exploitable by any unauthenticated network peer.

  • Victim interaction: Not required

    No user action, click, or session is needed; the attacker initiates exploitation entirely without victim participation.

  • Attack complexity: Detail

    Attack complexity is Low, meaning the exploit is reliable and requires no special race conditions, memory layout knowledge, or environmental prerequisites.

Blast Radius

  • A successful attacker gains full read access to all data processed by JD Edwards EnterpriseOne Tools, including ERP records, configuration secrets, and user credentials stored or cached by the platform.
  • The attacker can write, modify, or delete persistent data managed by the Tools layer, including business-critical ERP transactions and system configuration.
  • The attacker can crash or otherwise take the JD Edwards EnterpriseOne Tools service offline, disrupting ERP operations for all users of the affected instance.
  • Because the outcome is described as full platform takeover, the attacker can establish persistent access, pivot to connected backend systems, or deploy arbitrary code within the container or host environment.

How HarborGuard Handles This

Available on HarborGuard: because Oracle has not yet published a fix for CVE-2026-46879, the recommended posture is active monitoring combined with compensating controls. HarborGuard re-checks the Oracle advisory on every ingest cycle and will trigger a patched-image rebuild automatically once a fix version is released; for customers with auto-remediation enabled, that rebuild will include a regression-test run and a PR opened against affected workloads. In the meantime, customers are advised to use HarborGuard network-policy recommendations to restrict JDENET port exposure to known trusted source ranges, apply egress filtering on containers running affected Tools versions, and consider feature-flag or deployment-gate controls to block promotion of images containing versions 9.2.0.0 through 9.2.26.2 to production until a patch is available. This CVE is flagged at Critical priority in HarborGuard's advisory tracker, so any Oracle-issued update will surface within minutes of publication.
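The deployment-gate control described above, sketched as an added example (not HarborGuard's or Oracle's code). The inventory format, the `tools_version` field and the function names are hypothetical; the version bound comes from this page's "Affected packages" entry.

```python
import re

# Upper bound from the page's "Affected packages" entry (<= 9.2.26.2), which
# covers the advisory's 9.2.0.0-9.2.26.2 range. No fixed release is published.
AFFECTED_MAX = (9, 2, 26, 2)
_VERSION_RE = re.compile(r"^\d+(\.\d+){1,3}$")


def parse_version(text):
    """Return a 4-part tuple such as (9, 2, 26, 2), or None if unparseable."""
    if not isinstance(text, str) or not _VERSION_RE.match(text.strip()):
        return None
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (4 - len(parts)))  # "9.2.26" -> (9, 2, 26, 0)


def gate(image, target_env):
    """Decide whether one image may be promoted to target_env."""
    if target_env != "production":
        return ("allow", "gate applies to production promotion only")
    if "tools_version" not in image:
        return ("allow", "image does not package EnterpriseOne Tools")
    version = parse_version(image["tools_version"])
    if version is None:
        # Fail closed: an unreadable version cannot be shown to be unaffected.
        return ("block", "unparseable Tools version, manual review")
    if version <= AFFECTED_MAX:
        return ("block", "CVE-2026-46879: Tools version <= 9.2.26.2")
    return ("allow", "Tools version above affected range")


# Constructed sample inventory (hypothetical image names and versions).
INVENTORY = [
    {"name": "erp/e1-tools:a", "tools_version": "9.2.26.2"},
    {"name": "erp/e1-tools:b", "tools_version": "9.2.8"},
    {"name": "erp/e1-tools:c", "tools_version": "9.2.x-custom"},
    {"name": "erp/e1-tools:d", "tools_version": "9.2.26.3"},  # hypothetical later release
    {"name": "web/frontend:1"},
]


def blocked_images(inventory, target_env="production"):
    """Names of images the gate refuses to promote to target_env."""
    return [i["name"] for i in inventory if gate(i, target_env)[0] == "block"]


if __name__ == "__main__":
    for img in INVENTORY:
        print(img["name"], *gate(img, "production"))
```

The gate fails closed on versions it cannot parse, so custom-tagged builds go to manual review instead of passing silently.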

Affected packages
  • Oracle Corporation / JD Edwards EnterpriseOne Tools
    ≤ 9.2.26.2
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H