Severity: HIGH | CVE-2026-46914 | CNA: oracle

CVE-2026-46914: Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem)

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Solaris accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. CVSS 3.1 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H).

Metrics

  • CVSS v3.1: 7.1
  • Severity: HIGH
  • Fixed in: none listed
  • Affected Products: 1

HarborGuard Analysis

Synopsis

A filesystem vulnerability in Oracle Solaris 11.4 allows a local, low-privileged attacker to exploit the operating system without any special setup or victim interaction. The attacker must already have a shell or process on the host, but no elevated privileges are needed beyond a standard user account. Successful exploitation gives the attacker full read access to all data accessible by Oracle Solaris and the ability to cause a complete denial of service through repeated crashes or a system hang. HarborGuard is tracking this advisory and will make a patched-image rebuild available the moment Oracle publishes a fix version.

HarborGuard Coverage

Detection

Detection of CVE-2026-46914 is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against all customer images, including custom-built images that bundle Oracle Solaris 11.4 base layers. Any image in a connected registry or CI pipeline that carries the affected component surfaces immediately in scan results.

Status: Available

Triage

HarborGuard scores this CVE at CVSS 7.1 (HIGH) and weights it against each environment's configured compliance policy to determine urgency and routing. Triage findings are delivered to the appropriate team inbox within each customer organization based on image ownership and policy rules.

Status: Available

Patch

Because no fix version has been published by Oracle, HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment an upstream fix is released. For customers with auto-remediation enabled, a rebuilt image, regression-test run, and a PR opened against affected workloads will follow without manual intervention once the fix is available.

Status: Pending upstream

Exploit Conditions

  • Network reachability: Not required

    The attacker needs an existing shell or process on the host; no network access to the service is required.

  • Authentication: Required

    Any low-privilege local account is sufficient; no administrative or elevated credentials are needed.

  • Victim interaction: Not required

    No user action or social engineering is required to trigger the vulnerability.

  • Attack complexity: Detail

    The exploit is reliable and condition-free, with no race conditions or special environmental factors required.

Blast Radius

  • Reads all data accessible to Oracle Solaris, including stored credentials, configuration files, and application data.
  • Causes a complete denial of service by triggering a system hang or repeatedly crashing the Oracle Solaris instance.
  • Disrupts any workloads or services depending on the affected Solaris host for the duration of the outage.

How HarborGuard Handles This

Available on HarborGuard: because Oracle has not yet published a fix for CVE-2026-46914, HarborGuard monitors the advisory on every ingest cycle and will automatically queue a patched-image rebuild the moment an upstream fix is released. For customers with auto-remediation enabled, that rebuild will be followed by a regression-test run and a PR opened against affected workloads with no manual steps required. In the meantime, compensating controls worth considering include restricting local logon access to Solaris 11.4 hosts to the minimum required set of accounts, applying network-policy isolation to limit lateral movement from a compromised host, and auditing filesystem access patterns for anomalous read activity that may indicate active exploitation.

Affected packages
  • Oracle Corporation / Oracle Solaris
    11.4
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H