Description
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Driver). The supported version that is affected is 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Solaris accessible data as well as unauthorized access to critical data or complete access to all Oracle Solaris accessible data. CVSS 3.1 Base Score 5.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N).
Published: 2026-01-20
Score: 5.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Confidentiality and Integrity Compromise
Action: Apply Patch
AI Analysis

Impact

The Oracle Solaris driver vulnerability allows an attacker who has high‑level local privileges on the affected system to create, modify, or delete critical data. Once the attacker logs on to the infrastructure, the flaw does not require remote access, but it does require a single successful interaction from a user other than the attacker to trigger the exploitation. The impact is full confidentiality and integrity compromise of all Solaris‑accessible data.

Affected Systems

Oracle Solaris 11.x is the affected product. The vulnerability involves the Solaris driver component referenced in the advisory, and no other versions such as Solaris 10.x are impacted.

Risk and Exploitability

The CVSS score of 5.8 indicates moderate severity, with high confidentiality and integrity impacts but no availability impact. The EPSS score of less than 1% suggests that the exploitation likelihood is very low at the moment. Oracle has not listed this vulnerability in its KEV catalog, so there are no active, publicly known exploits. Nevertheless, the local attack vector with high privileges and the need for a secondary user interaction mean that an attacker who can gain a foothold in the environment and convince a legitimate user to perform an action could compromise the Solaris system. The risk remains for the unpatched 11.x releases until a patch or workaround is applied.

Generated by OpenCVE AI on April 18, 2026 at 19:02 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Deploy the Oracle Solaris patch for CVE-2026-21927 provided in the January 2026 Critical Patch Update (CPU).
  • Restrict high‑privilege account access to only trusted administrators and require mandatory two‑factor authentication for privileged sessions.
  • Remove or disable the vulnerable driver component if it is not required for business operations, and verify that any alternate drivers do not contain the same flaw.

Generated by OpenCVE AI on April 18, 2026 at 19:02 UTC.

Advisories

No advisories yet.

History

Sat, 18 Apr 2026 19:30:00 +0000

Type Values Removed Values Added
Title Privilege‑Based Data Modification in Oracle Solaris Driver
Weaknesses CWE-284
CWE-285

Thu, 29 Jan 2026 21:30:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*
cpe:2.3:o:oracle:solaris:11:*:*:*:*:*:*:*

Wed, 21 Jan 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 20 Jan 2026 22:15:00 +0000

Type Values Removed Values Added
Description Vulnerability in the Oracle Solaris product of Oracle Systems (component: Driver). The supported version that is affected is 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Solaris accessible data as well as unauthorized access to critical data or complete access to all Oracle Solaris accessible data. CVSS 3.1 Base Score 5.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N).
First Time appeared Oracle
Oracle solaris
CPEs cpe:2.3:a:oracle:solaris:11:*:*:*:*:*:*:*
Vendors & Products Oracle
Oracle solaris
References
Metrics cvssV3_1

{'score': 5.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N'}


MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-03-03T15:54:39.825Z

Reserved: 2026-01-05T18:07:34.709Z

Link: CVE-2026-21927

Vulnrichment

Updated: 2026-01-21T20:52:07.311Z

NVD

Status: Analyzed

Published: 2026-01-20T22:15:55.180

Modified: 2026-01-29T21:16:32.040

Link: CVE-2026-21927

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T19:15:10Z