PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-46978 Oracle Corporation CVE debrief

A critical vulnerability was identified in Oracle Solaris 11.4, specifically in the Remote Administration Daemon component. This vulnerability allows an unauthenticated attacker with network access via HTTPS to compromise Oracle Solaris, potentially impacting additional products. Successful attacks could result in unauthorized creation, deletion, or modification access to critical data or all Oracle Solaris accessible data, as well as unauthorized access to critical data or complete access to all Oracle Solaris accessible data.

Vendor
Oracle Corporation
Product
Oracle Solaris
CVSS
CRITICAL 10
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-17
Original CVE updated
2026-06-26
Advisory published
2026-06-17
Advisory updated
2026-06-26

Who should care

System administrators and security professionals responsible for Oracle Solaris 11.4 installations should prioritize patching this vulnerability. Given the critical severity and potential scope change impacting additional products, swift action is essential to mitigate risks.

Technical summary

The vulnerability in Oracle Solaris' Remote Administration Daemon component has a CVSS 3.1 Base Score of 10.0, indicating a critical severity level. The CVSS Vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N, highlighting the ease of exploitation and potential impact on confidentiality and integrity. The vulnerability is easily exploitable by unauthenticated attackers with network access via HTTPS.

Defensive priority

High priority should be given to patching this vulnerability due to its critical severity, potential for scope change, and the high impact on confidentiality and integrity.

Recommended defensive actions

  • Apply the security patch provided by Oracle Corporation as soon as possible.
  • Review and update network access controls to limit exposure to the Remote Administration Daemon.
  • Monitor systems for any suspicious activity related to this vulnerability.
  • Consider implementing compensating controls if immediate patching is not feasible.
  • Verify the integrity of critical data and systems regularly.

Evidence notes

The CVE record and NVD detail provide the primary sources for this analysis. The CVE was published on 2026-06-17T10:54:16.803Z and last modified on 2026-06-26T03:45:23.070Z. The NVD entry is currently Analyzed.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:54:16.803Z and has not been modified since then. The NVD entry is currently Analyzed.