PatchSiren cyber security CVE debrief
CVE-2026-46978 Oracle Corporation CVE debrief
A critical vulnerability was identified in Oracle Solaris 11.4, specifically in the Remote Administration Daemon component. This vulnerability allows an unauthenticated attacker with network access via HTTPS to compromise Oracle Solaris, potentially impacting additional products. Successful attacks could result in unauthorized creation, deletion, or modification access to critical data or all Oracle Solaris accessible data, as well as unauthorized access to critical data or complete access to all Oracle Solaris accessible data.
- Vendor
- Oracle Corporation
- Product
- Oracle Solaris
- CVSS
- CRITICAL 10
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-17
- Original CVE updated
- 2026-06-26
- Advisory published
- 2026-06-17
- Advisory updated
- 2026-06-26
Who should care
System administrators and security professionals responsible for Oracle Solaris 11.4 installations should prioritize patching this vulnerability. Given the critical severity and potential scope change impacting additional products, swift action is essential to mitigate risks.
Technical summary
The vulnerability in Oracle Solaris' Remote Administration Daemon component has a CVSS 3.1 Base Score of 10.0, indicating a critical severity level. The CVSS Vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N, highlighting the ease of exploitation and potential impact on confidentiality and integrity. The vulnerability is easily exploitable by unauthenticated attackers with network access via HTTPS.
Defensive priority
High priority should be given to patching this vulnerability due to its critical severity, potential for scope change, and the high impact on confidentiality and integrity.
Recommended defensive actions
- Apply the security patch provided by Oracle Corporation as soon as possible.
- Review and update network access controls to limit exposure to the Remote Administration Daemon.
- Monitor systems for any suspicious activity related to this vulnerability.
- Consider implementing compensating controls if immediate patching is not feasible.
- Verify the integrity of critical data and systems regularly.
Evidence notes
The CVE record and NVD detail provide the primary sources for this analysis. The CVE was published on 2026-06-17T10:54:16.803Z and last modified on 2026-06-26T03:45:23.070Z. The NVD entry is currently Analyzed.
Official resources
-
CVE-2026-46978 CVE record
CVE.org
-
CVE-2026-46978 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:54:16.803Z and has not been modified since then. The NVD entry is currently Analyzed.