PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-46914 Oracle Corporation CVE debrief

A high-severity vulnerability was found in Oracle Solaris 11.4, specifically in the filesystem component. This vulnerability is easily exploitable by a low-privileged attacker with logon access to the infrastructure where Oracle Solaris executes, potentially leading to unauthorized access to critical data or complete access to all Oracle Solaris accessible data, and unauthorized ability to cause a hang or frequently repeatable crash of Oracle Solaris.

Vendor
Oracle Corporation
Product
Oracle Solaris
CVSS
HIGH 7.1
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-17
Original CVE updated
2026-06-18
Advisory published
2026-06-17
Advisory updated
2026-06-18

Who should care

System administrators and security teams responsible for Oracle Solaris 11.4 installations should prioritize patching this vulnerability to prevent potential data breaches and system downtime.

Technical summary

The vulnerability in Oracle Solaris 11.4 filesystem component has a CVSS 3.1 Base Score of 7.1, indicating high severity. It allows low privileged attackers with logon access to compromise Oracle Solaris, leading to unauthorized data access and potential system crashes. The CVSS Vector is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H. This vulnerability is easily exploitable and can result in unauthorized access to critical data or complete access to all Oracle Solaris accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris.

Defensive priority

High priority should be given to patching this vulnerability due to its high severity and potential impact on data confidentiality and system availability.

Recommended defensive actions

  • Apply the security patch provided by Oracle Corporation as soon as possible.
  • Review and update access controls to ensure that only authorized personnel have logon access to the infrastructure where Oracle Solaris executes.
  • Monitor system logs and performance for any suspicious activity or signs of exploitation.
  • Consider implementing additional security measures such as intrusion detection and prevention systems.
  • Review compensating controls for exposed systems while remediation is scheduled and verified.
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review.
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented.

Evidence notes

The CVE record was published on 2026-06-17T10:54:09.233Z and was last modified on 2026-06-18T22:08:48.160Z. The NVD entry is currently Analyzed. The vulnerability is described in the Oracle Security Alert for June 2026.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:54:09.233Z and has not been modified since then. The NVD entry is currently Analyzed.