CVE-2026-46978: Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Solaris accessible data as well as unauthorized access to critical data or complete access to all O
CVE-2026-46978 is a critical vulnerability in Oracle Solaris 11.4 affecting the Remote Administration Daemon. It allows an unauthenticated attacker with network access via HTTPS to compromise the system, potentially resulting in unauthorized creation, deletion, or modification of critical data. The vulnerability has a CVSS 3.1 base score of 10.0, indicating high confidentiality and integrity impacts with no required privileges or user interaction. Oracle has published a Critical Security Patch Update advisory addressing this and other vulnerabilities, strongly recommending prompt patch application. No explicit patch version or fix details for Solaris 11.4 are provided in the advisory content, so patch status is not yet confirmed. Mitigation includes applying the Critical Security Patch Update as soon as possible and potentially blocking network protocols required by the attack until patches are applied.
AI Analysis
Technical Summary
CVE-2026-46978 is a critical vulnerability in the Remote Administration Daemon component of Oracle Solaris 11.4. It allows an unauthenticated attacker with network access over HTTPS to compromise Oracle Solaris, resulting in unauthorized creation, deletion, or modification of critical or all accessible data. The vulnerability has a CVSS 3.1 score of 10.0 with attack vector network, low attack complexity, no privileges required, no user interaction, and scope change. The impact includes high confidentiality and integrity loss but no availability impact. Oracle's June 2026 Critical Security Patch Update advisory references this vulnerability among 245 patches but does not explicitly confirm patch availability or fixed versions for Solaris 11.4. Oracle strongly recommends applying the Critical Security Patch Update promptly to mitigate this and other vulnerabilities. Until patches are applied, risk reduction may be possible by blocking required network protocols or restricting privileges, though these may impact functionality.
Potential Impact
Successful exploitation of CVE-2026-46978 can lead to unauthorized creation, deletion, or modification of critical data or all data accessible by Oracle Solaris 11.4. The vulnerability allows complete compromise of confidentiality and integrity without requiring authentication, privileges, or user interaction. There is no direct impact on availability. The scope of the vulnerability extends beyond Oracle Solaris to potentially affect additional Oracle products. The CVSS 3.1 base score of 10.0 reflects the critical severity and ease of exploitation over the network via HTTPS.
Mitigation Recommendations
Oracle has released a Critical Security Patch Update in June 2026 that addresses this vulnerability among others. Customers are strongly advised to apply this Critical Security Patch Update promptly to remediate the vulnerability. The vendor advisory does not explicitly confirm patch availability or fixed versions for Oracle Solaris 11.4, so patch status is not yet confirmed—check the Oracle advisory for the latest remediation guidance. Until patches are applied, risk may be reduced by blocking network protocols required by the attack or by removing unnecessary privileges or access to vulnerable packages, though these measures may disrupt normal application functionality.
CVE-2026-46978: Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Solaris accessible data as well as unauthorized access to critical data or complete access to all O
Description
CVE-2026-46978 is a critical vulnerability in Oracle Solaris 11.4 affecting the Remote Administration Daemon. It allows an unauthenticated attacker with network access via HTTPS to compromise the system, potentially resulting in unauthorized creation, deletion, or modification of critical data. The vulnerability has a CVSS 3.1 base score of 10.0, indicating high confidentiality and integrity impacts with no required privileges or user interaction. Oracle has published a Critical Security Patch Update advisory addressing this and other vulnerabilities, strongly recommending prompt patch application. No explicit patch version or fix details for Solaris 11.4 are provided in the advisory content, so patch status is not yet confirmed. Mitigation includes applying the Critical Security Patch Update as soon as possible and potentially blocking network protocols required by the attack until patches are applied.
CVSS v3.1
Score 10.0critical
Affected software
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-46978 is a critical vulnerability in the Remote Administration Daemon component of Oracle Solaris 11.4. It allows an unauthenticated attacker with network access over HTTPS to compromise Oracle Solaris, resulting in unauthorized creation, deletion, or modification of critical or all accessible data. The vulnerability has a CVSS 3.1 score of 10.0 with attack vector network, low attack complexity, no privileges required, no user interaction, and scope change. The impact includes high confidentiality and integrity loss but no availability impact. Oracle's June 2026 Critical Security Patch Update advisory references this vulnerability among 245 patches but does not explicitly confirm patch availability or fixed versions for Solaris 11.4. Oracle strongly recommends applying the Critical Security Patch Update promptly to mitigate this and other vulnerabilities. Until patches are applied, risk reduction may be possible by blocking required network protocols or restricting privileges, though these may impact functionality.
Potential Impact
Successful exploitation of CVE-2026-46978 can lead to unauthorized creation, deletion, or modification of critical data or all data accessible by Oracle Solaris 11.4. The vulnerability allows complete compromise of confidentiality and integrity without requiring authentication, privileges, or user interaction. There is no direct impact on availability. The scope of the vulnerability extends beyond Oracle Solaris to potentially affect additional Oracle products. The CVSS 3.1 base score of 10.0 reflects the critical severity and ease of exploitation over the network via HTTPS.
Mitigation Recommendations
Oracle has released a Critical Security Patch Update in June 2026 that addresses this vulnerability among others. Customers are strongly advised to apply this Critical Security Patch Update promptly to remediate the vulnerability. The vendor advisory does not explicitly confirm patch availability or fixed versions for Oracle Solaris 11.4, so patch status is not yet confirmed—check the Oracle advisory for the latest remediation guidance. Until patches are applied, risk may be reduced by blocking network protocols required by the attack or by removing unnecessary privileges or access to vulnerable packages, though these measures may disrupt normal application functionality.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- oracle
- Date Reserved
- 2026-05-18T15:55:10.314Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","vendor":"Oracle"}]
Threat ID: 6a31b6350b89be68882668ed
Added to database: 6/16/2026, 8:46:45 PM
Last enriched: 6/16/2026, 9:00:11 PM
Last updated: 6/17/2026, 12:44:11 AM
Views: 28
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.