Home · Live brief · Weekly 2026-W26
CVE-2026-46978 / CVE-2026-35278 — Oracle June 2026 CSPU: unauthenticated Solaris RAD flaw (10.0) and PeopleSoft RCE (9.8)
notable vulnerability discovered 2026-06-22 00:14 UTC
Entities: ShinyHunters
Part of run 2026-W25-0aacfe65 (weekly · Claude Opus 4.8)
Oracle's June Critical Security Patch Update shipped 245 fixes on 2026-06-17, around 100 remotely exploitable without authentication, headlined by an unauthenticated Solaris Remote Administration Daemon flaw (CVE-2026-46978, CVSS 10.0) and a PeopleSoft RCE (CVE-2026-35278, 9.8) (Oracle CSPU; daily 06-18). The PeopleSoft fix lands in the middle of the ShinyHunters PeopleSoft campaign (§ 2) — prioritise PeopleSoft and any internet-reachable Solaris RAD instances.