CVE-2026-46978
CriticalCVSS 10.0Exploitation Probability (EPSS)
Low risk22th percentile — higher than 22% of all known CVEs
Summary
Vulnerability in Oracle Solaris (component: Remote Administration Daemon) version 11.4. An unauthenticated attacker with network access via HTTPS can fully compromise the system, leading to unauthorized creation, deletion, or modification of all data and complete access to it. The attack scope may extend beyond Solaris (scope change).
Risk Assessment
The risk is critical – an attacker with no privileges can take full control of all data in the Solaris system and potentially affect other products in the IT environment, leading to complete loss of confidentiality and integrity.
Recommendation
Immediately apply the security patch from Oracle for Solaris 11.4. If unavailable, restrict HTTPS access to the Remote Administration Daemon port to trusted networks only.
Original NVD description (English source)
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Remote Administration Daemon). The supported version that is affected is 11.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Solaris accessible data as well as unauthorized access to critical data or complete access to all Oracle Solaris accessible data. CVSS 3.1 Base Score 10.0 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N).

