CVE-2026-34281

MEDIUM

Oracle Corporation Oracle Solaris < 11.4 - Denial of Service

Title source: rule

Description

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).

References (1)

[Vendor Advisory] https://www.oracle.com/security-alerts/cpuapr2026.html

Scores

CVSS v3 6.5

EPSS 0.0002

EPSS Percentile 5.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-400

Status published

Products (2)

oracle/solaris 11.4

Oracle Corporation/Oracle Solaris 11.4

Published Apr 21, 2026

Tracked Since Apr 22, 2026