An unauthenticated, critical vulnerability in Oracle Solaris allows remote attackers to manipulate or delete sensitive data without any user interaction.

The Remote Administration Daemon in Solaris 11.4 lacks proper authentication checks, permitting an unauthenticated attacker with network access to perform unauthorized data modifications. The vulnerability is network-exploitable via HTTPS and carries a high risk of data integrity loss.

With a CVSS score of 10.0, this flaw represents a significant risk to the integrity and confidentiality of critical Oracle Solaris systems. Successful exploitation could allow an attacker to destroy or alter sensitive business data, potentially causing irreversible service disruption and loss of critical information.

Immediate Action: Apply the relevant security patch from the Oracle June 2026 Critical Security Patch Update to all Solaris 11.4 installations.

Proactive Monitoring: Review audit logs for unauthorized access attempts to the Remote Administration Daemon and monitor for unexpected modifications to critical system files.

Compensating Controls: Restrict access to the Remote Administration Daemon to trusted network ranges and ensure the service is not exposed to the public internet.

Public Exploit Available: False

Organizations running Oracle Solaris 11.4 must treat this vulnerability with the highest priority. Given the ease of exploitation and the potential for complete data compromise, patching should be scheduled immediately to maintain system integrity.