Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Local logon required (AV:L, PR:L); easily exploitable per Oracle (AC:L); no user interaction; gives full read of accessible data (C:H) and full OS crash (A:H) with no integrity impact (I:N).
Primary rating from Vendor (oracle).
CVSS VectorVendor: oracle
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Lifecycle Timeline
1DescriptionCVE.org
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Solaris accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. CVSS 3.1 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H).
AnalysisAI
Local privilege abuse in Oracle Solaris 11.4 allows a low-privileged authenticated user with logon access to the host to read sensitive filesystem data and trigger a complete denial of service of the operating system. Oracle's June 2026 Critical Patch Update lists this as easily exploitable through the Filesystem component, with a CVSS 3.1 base score of 7.1; no public exploit identified at time of analysis and the issue is not on the CISA KEV list.
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Attacker must have an interactive local logon on the Oracle Solaris 11.4 host (CVSS AV:L, PR:L) and the ability to invoke the vulnerable Filesystem component code path; no user interaction by another account is required (UI:N) and attack complexity is low (AC:L), meaning no race window or special tuning. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H places this firmly in the 'local but easy' tier: any user who can log in to a Solaris 11.4 host can both exfiltrate sensitive filesystem data (C:H) and crash the OS (A:H) without user interaction, but they cannot reach it over the network and cannot tamper with data (I:N). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A developer or batch-job account with an ordinary shell on a shared Solaris 11.4 build server abuses the vulnerable Filesystem code path to read files belonging to other tenants or to root (for example, private keys or database credentials) and, in the same session, triggers the bug a second time to hang or crash the host, causing a complete outage of the workloads on that node. Because attack complexity is low and no user interaction is required, the action can be scripted and repeated; no public exploit identified at time of analysis, but the conditions favor straightforward weaponization once technical details emerge. |
| Remediation | Apply the Filesystem fixes from Oracle's June 2026 Critical Patch Update (https://www.oracle.com/security-alerts/cspujun2026.html) by installing the corresponding Solaris 11.4 SRU on every affected host - Patch available per vendor advisory; the specific patched SRU number is not included in the input data and should be taken directly from the CPU matrix. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Identify and inventory all Solaris 11.4 systems in your environment. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Oracle Solaris
View allSame weakness CWE-269 – Improper Privilege Management
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-37233