Oracle Solaris Critical Patch Update : jun2026_SRU11_4_93_221_2

Severity: Critical | Nessus Plugin ID: 322226

Synopsis

The remote Solaris system is missing a security patch from CSPU Jun2026.

Description

The version of Solaris installed on the remote host is prior to 11.4.93.221.2. It is, therefore, affected by multiple vulnerabilities as referenced in the solaris11_jun2026_SRU11_4_93_221_2 advisory.

- Vulnerability in the Oracle Solaris product of Oracle Systems (component: Remote Administration Daemon). The supported version that is affected is 11.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Solaris accessible data as well as unauthorized access to critical data or complete access to all Oracle Solaris accessible data. (CVE-2026-46978)

- Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Solaris accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. (CVE-2026-46914)

- Vulnerability in the Oracle Solaris product of Oracle Systems (component: Libraries). The supported version that is affected is 11.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris. (CVE-2026-35233)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Install the Jun2026 CSPU from the Oracle support website.

See Also

https://www.oracle.com/docs/tech/security-alerts/cspujun2026csaf.json

https://www.oracle.com/security-alerts/cspujun2026.html

Plugin Details

Severity: Critical

ID: 322226

File Name: solaris_jun2026_SRU11_4_93_221_2.nasl

Version: 1.1

Type: Local

Published: 6/23/2026

Updated: 6/23/2026

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.1

CVSS v2

Risk Factor: High

Base Score: 9.4

Temporal Score: 7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N

CVSS Score Source: CVE-2026-46978

CVSS v3

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2026-46978

Vulnerability Information

CPE: cpe:/o:oracle:solaris

Required KB Items: Host/local_checks_enabled, Host/Solaris11/release

Exploit Ease: No known exploits are available

Patch Publication Date: 6/16/2026

Vulnerability Publication Date: 6/16/2026

Reference Information

CVE: CVE-2026-35233, CVE-2026-46914, CVE-2026-46978

IAVA: 2026-A-0615