Description
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Solaris accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. CVSS 3.1 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H).
Published: 2026-06-16
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in the Oracle Solaris 11.4 filesystem component, identified as CWE‑269 (Improper Privilege Management) and CWE‑400 (Denial of Service), allows a logged‑on low‑privileged user to obtain privileged data and to trigger system hangs or crashes. The vulnerability can be exploited to read or modify critical files that should be protected by access controls, enabling a breach of confidentiality. Successful exploitation does not require network exposure and results in a loss of availability through repeated, repeatable crashes or hangs in the operating system.

Affected Systems

Oracle Solaris 11.4 deployed on infrastructure with local user access is affected. This includes all installations of the 11.4 release that have not applied the vendor patch; no other versions or product lines are known to be impacted.

Risk and Exploitability

The CVSS 3.1 base score of 7.1 indicates moderate to high risk, with a local low‑privileged attack vector, low attack complexity, and no user interaction required. The EPSS score of less than 1% implies a very low current probability of exploitation, and the vulnerability has not yet been recorded in the CISA KEV catalog. Because the attacker must already have a local logon, the attack is confined to the local environment, but once executed the impact can be severe due to the confidentiality and availability consequences it introduces.

Generated by OpenCVE AI on June 18, 2026 at 21:40 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Oracle Solaris 11.4 security patch released by Oracle
  • Upgrade to a newer Solaris major release that includes the fix
  • After patching, ensure that local file permissions enforce stricter access controls for system files and directories

Generated by OpenCVE AI on June 18, 2026 at 21:40 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 18 Jun 2026 22:00:00 +0000

Type Values Removed Values Added
Title Improper Privilege Management Leading to Unauthorized Data Access and Denial of Service in Oracle Solaris 11.4 Filesystem

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-269
CWE-400
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 16 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
Description Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Solaris accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. CVSS 3.1 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H).
First Time appeared Oracle
Oracle solaris
CPEs cpe:2.3:a:oracle:solaris:11.4:*:*:*:*:*:*:*
Vendors & Products Oracle
Oracle solaris
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-06-17T13:50:46.096Z

Reserved: 2026-05-18T15:55:10.311Z

Link: CVE-2026-46914

cve-icon Vulnrichment

Updated: 2026-06-17T13:50:39.794Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T21:45:04Z

Weaknesses
  • CWE-269

    Improper Privilege Management

  • CWE-400

    Uncontrolled Resource Consumption