Skip to main content

Oracle Solaris

2 CVEs product

Monthly

CVE-2026-46978 CRITICAL NEWS Act Now

Unauthenticated remote compromise of Oracle Solaris 11.4 Remote Administration Daemon (RAD) allows network attackers to read, modify, create, or delete critical data with scope change impacting adjacent products. The CVSS 3.1 base score of 10.0 with AV:N/AC:L/PR:N/UI:N reflects trivial network exploitability over HTTPS without authentication, and no public exploit identified at time of analysis. The scope-change designation indicates that successful exploitation breaches the security authority of RAD and propagates impact to other Solaris-managed components.

Authentication Bypass Oracle Oracle Solaris
NVD VulDB
CVSS 3.1
10.0
EPSS
0.4%
CVE-2026-46914 HIGH NEWS This Week

Local privilege abuse in Oracle Solaris 11.4 allows a low-privileged authenticated user with logon access to the host to read sensitive filesystem data and trigger a complete denial of service of the operating system. Oracle's June 2026 Critical Patch Update lists this as easily exploitable through the Filesystem component, with a CVSS 3.1 base score of 7.1; no public exploit identified at time of analysis and the issue is not on the CISA KEV list.

Authentication Bypass Oracle Oracle Solaris Privilege Escalation
NVD VulDB
CVSS 3.1
7.1
EPSS
0.1%
EPSS 0% CVSS 10.0
CRITICAL Act Now

Unauthenticated remote compromise of Oracle Solaris 11.4 Remote Administration Daemon (RAD) allows network attackers to read, modify, create, or delete critical data with scope change impacting adjacent products. The CVSS 3.1 base score of 10.0 with AV:N/AC:L/PR:N/UI:N reflects trivial network exploitability over HTTPS without authentication, and no public exploit identified at time of analysis. The scope-change designation indicates that successful exploitation breaches the security authority of RAD and propagates impact to other Solaris-managed components.

Authentication Bypass Oracle Oracle Solaris
NVD VulDB
EPSS 0% CVSS 7.1
HIGH This Week

Local privilege abuse in Oracle Solaris 11.4 allows a low-privileged authenticated user with logon access to the host to read sensitive filesystem data and trigger a complete denial of service of the operating system. Oracle's June 2026 Critical Patch Update lists this as easily exploitable through the Filesystem component, with a CVSS 3.1 base score of 7.1; no public exploit identified at time of analysis and the issue is not on the CISA KEV list.

Authentication Bypass Oracle Oracle Solaris +1
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy