CRITICAL | CVE-2026-46882 | CNA: oracle

CVE-2026-46882: Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Enterprise Infrastructure Security)

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Enterprise Infrastructure Security). Supported versions that are affected are 9.2.0.0-9.2.26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via JDENET to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in takeover of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Metrics

  • CVSS v3.1: 9.8
  • Severity: CRITICAL
  • Fixed in:
  • Affected Products: 1


HarborGuard Analysis

Synopsis

A critical unauthenticated remote compromise vulnerability affects Oracle JD Edwards EnterpriseOne Tools (versions 9.2.0.0 through 9.2.26.2) in its Enterprise Infrastructure Security component, reachable over the network via the JDENET protocol. No authentication is required and no user interaction is needed, meaning an attacker with network access to the JDENET port can exploit this directly. Successful exploitation results in full takeover of JD Edwards EnterpriseOne Tools, with complete loss of confidentiality, integrity, and availability. No fix versions have been published yet; HarborGuard tracks the advisory and will surface a patched-image rebuild the moment Oracle releases one.

HarborGuard Coverage

Detection

Detection of CVE-2026-46882 is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against all customer images in connected registries and CI/CD pipelines, including custom-built images that layer Oracle JD Edwards components. Any image carrying an affected version of JD Edwards EnterpriseOne Tools (9.2.0.0 through 9.2.26.2) is flagged automatically.

Status: Available

Triage

Triage is available using the CVSS 3.1 base score of 9.8 (Critical), weighted further by each customer organization's compliance policy to reflect their specific exposure and risk tolerance. Findings are routed to the appropriate team inbox within each customer environment based on image ownership and policy configuration.

Status: Available

Patch

Because no upstream fix version has been published, HarborGuard re-checks the Oracle advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment Oracle releases a corrected version. For customers with auto-remediation enabled, the rebuild, regression test run, and PR against affected workloads will be initiated without manual intervention as soon as the fix lands upstream.

Status: Pending upstream

Exploit Conditions

  • Network reachability: Required

    The attacker must reach the target service over the network via the JDENET protocol; any host with network access to the exposed port is in scope.

  • Authentication: Not required

    No credentials or account of any privilege level are needed to trigger the vulnerability.

  • Victim interaction: Not required

    No action from a logged-in user or administrator is required; the attacker operates entirely without victim participation.

  • Attack complexity: Detail

    Attack complexity is low, meaning the exploit is reliable and imposes no special preconditions such as race conditions or memory layout requirements.

Blast Radius

  • A successful attacker gains full control of the JD Edwards EnterpriseOne Tools process, enabling read access to all data it handles including configuration secrets, credentials, and business records.
  • The attacker can modify or delete persisted application data, configuration, and any records accessible to the compromised process.
  • The attacker can crash or render the JD Edwards EnterpriseOne Tools service completely unavailable.
  • Because JDENET is an infrastructure-level protocol, a compromised Tools instance may serve as a pivot point to other connected JD Edwards components and backend systems.

How HarborGuard Handles This

Available on HarborGuard: because no Oracle-published fix exists for CVE-2026-46882 as of the publication date, HarborGuard monitors the Oracle advisory on every ingest cycle and will trigger a patched-image rebuild automatically the moment a fix version is released. For customers with auto-remediation enabled, that rebuild will be accompanied by a regression test run and a PR opened against affected workloads, with no manual steps required.

In the interim, compensating controls available through standard network policy tooling include:

  • Isolating container workloads that run JD Edwards EnterpriseOne Tools behind strict ingress rules that permit JDENET traffic only from explicitly trusted sources.
  • Applying egress filtering to limit lateral movement potential.
  • Where feasible, disabling or gating non-essential JDENET-exposed endpoints at the load-balancer or service-mesh layer.

HarborGuard will surface a triage alert rated Critical (CVSS 9.8) for every image in connected registries carrying an affected version, routed according to each environment's compliance policy, so teams can prioritize manual mitigations without waiting for the upstream patch.

Affected packages
  • Oracle Corporation / JD Edwards EnterpriseOne Tools
    ≤ 9.2.26.2
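
To check an inventory of Tools releases against the range the advisory lists as affected (9.2.0.0 through 9.2.26.2), the comparison has to be numeric per component, not a string comparison. The following is an added example, not HarborGuard's or Oracle's code; the host names and the inventory are constructed, and the function names are hypothetical.

```python
from typing import Dict, List, Optional, Tuple

# Range listed as affected in the advisory text on this page.
AFFECTED_MIN = (9, 2, 0, 0)
AFFECTED_MAX = (9, 2, 26, 2)


def parse_release(text: str) -> Optional[Tuple[int, ...]]:
    """Parse a dotted Tools release into a 4-tuple of ints.

    Returns None for malformed input. Short forms are right-padded with
    zeros, so "9.2.8" becomes (9, 2, 8, 0).
    """
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 4:
        return None
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (4 - len(nums)))


def is_affected(release: str) -> Optional[bool]:
    """True if inside the listed range, False if outside, None if unparseable."""
    parsed = parse_release(release)
    if parsed is None:
        return None
    return AFFECTED_MIN <= parsed <= AFFECTED_MAX


def triage(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Sort hosts into affected / outside_range / review buckets.

    "outside_range" only means the release is not in the listed range;
    it is not a statement that the release contains a fix.
    """
    result: Dict[str, List[str]] = {"affected": [], "outside_range": [], "review": []}
    for host, release in sorted(inventory.items()):
        verdict = is_affected(release)
        key = "review" if verdict is None else ("affected" if verdict else "outside_range")
        result[key].append(host)
    return result


# Constructed inventory (host name -> reported Tools release).
SAMPLE = {
    "e1-ent-01": "9.2.26.2",
    "e1-ent-02": "9.2.9.0",   # as a string this sorts above "9.2.26.2"
    "e1-ent-03": "9.2.26.3",
    "e1-ent-04": "9.1.5.5",
    "e1-ent-05": "9.2.x",     # unparseable: goes to manual review
}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Hosts in the `review` bucket should be treated as potentially affected until their release is confirmed.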
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H