Multiple Vulnerabilities in Oracle Solaris
18 June 2026
Attackers can exploit multiple vulnerabilities in Oracle Solaris to compromise affected systems, gain unauthorised access to critical data and cause denial of service. Patch immediately.
Background
Oracle has released security updates to address vulnerabilities in the Remote Administration Daemon component (CVE-2026-46978), the Filesystem component (CVE-2026-46914), and the Libraries component (CVE-2026-35233) of Oracle Solaris, as part of Oracle's Critical Security Patch Update in June 2026.
The vulnerabilities have the following Common Vulnerability Scoring System (CVSS v3.1) scores out of 10: CVE-2026-46978 at 10.0, CVE-2026-46914 at 7.1, and CVE-2026-35233 at 4.4.
Impact
Successful exploitation of these vulnerabilities could lead to the following:
CVE-2026-46978: Due to a vulnerability in the Remote Administration Daemon, an unauthenticated attacker with network access via HTTPS could gain unauthorised access to or modify critical data on the affected system.
CVE-2026-46914: Due to a vulnerability in the Filesystem component, an authenticated attacker with low privilege access could gain unauthorised access to critical data and cause a denial of service condition on the affected system.
CVE-2026-35233: Due to a vulnerability in the Libraries component, an authenticated attacker with low privilege access could gain unauthorised update, insert, or delete access to some Oracle Solaris accessible data and cause a partial denial of service condition on the affected system.
Affected Products
These vulnerabilities affect Oracle Solaris version 11.4.
Mitigation
Users and administrators of affected products are advised to update to the latest versions immediately.
References
https://www.oracle.com/security-alerts/cspujun2026.html
https://nvd.nist.gov/vuln/detail/CVE-2026-46978
