Description
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Solaris accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. CVSS 3.1 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H).
Published: 2026-06-16
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in the Oracle Solaris 11.4 filesystem component allows a logged‑on low‑privileged user to obtain privileged data and to trigger system hangs or crashes. The vulnerability can be exploited to read critical files that should be protected by access controls, which is a breach of confidentiality; the CVSS vector records no integrity impact (I:N). Exploitation does not require network exposure and can cause a loss of availability through hangs or frequently repeatable crashes of the operating system.

Affected Systems

Oracle Solaris 11.4 deployed on infrastructure with local user access is affected. This includes all installations of the 11.4 release that have not applied the vendor patch; no other versions or product lines are known to be impacted.

Risk and Exploitability

The CVSS 3.1 base score of 7.1 places the vulnerability in the High severity band, with a local attack vector, low privileges required, low attack complexity, and no user interaction. The EPSS score of less than 1% implies a very low current probability of exploitation, and the vulnerability has not been recorded in the CISA KEV catalog. Because the attacker must already have a local logon, the attack is confined to the local environment, but once executed the impact can be severe because of the high confidentiality and availability impacts.

Generated by OpenCVE AI on June 17, 2026 at 19:02 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Oracle Solaris 11.4 security patch released by Oracle
  • Upgrade to a newer Solaris major release that includes the fix
  • After patching, verify that local file permissions enforce stricter access controls, especially for system files and directories

Generated by OpenCVE AI on June 17, 2026 at 19:02 UTC.

Advisories

No advisories yet.

History

Tue, 16 Jun 2026 20:45:00 +0000

Type | Values Removed | Values Added
Description | | Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Solaris accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. CVSS 3.1 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H).
First Time appeared | | Oracle; Oracle solaris
CPEs | | cpe:2.3:a:oracle:solaris:11.4:*:*:*:*:*:*:*
Vendors & Products | | Oracle; Oracle solaris
References | |
Metrics | | cvssV3_1: {'score': 7.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H'}


MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-06-17T13:50:46.096Z

Reserved: 2026-05-18T15:55:10.311Z

Link: CVE-2026-46914

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-17T00:30:15Z

Weaknesses

No weakness.