Oracle Solaris Third Party Bulletin - April 2026
Description
The Oracle Solaris Third Party Bulletin announces patches for one or more security vulnerabilities addressed in third party software that is included in Oracle Solaris distributions. Starting January 20, 2015, Third Party Bulletins are released on the same day when Oracle Critical Patch Updates are released. These bulletins will also be updated for the following two months after their release (i.e. the two months between the normal quarterly Critical Patch Update publication dates). In addition, Third Party Bulletins may also be updated for vulnerability issues deemed too critical to wait for the next monthly update.
Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Third Party Bulletin security patches as soon as possible.
Patch Availability
- For Solaris 11.4, please visit My Oracle Support Note KB161496
- For other Solaris versions in Extended Support or Out of Support, please visit My Oracle Support Note CPU57
Third Party Bulletin Schedule
Third Party Bulletins are released on the third Tuesday of January, April, July, and October. The next four dates are:
- 21 July 2026
- 20 October 2026
- 19 January 2027
- 20 April 2027
References
- Oracle Critical Patch Updates, Security Alerts and Bulletins
- Oracle Critical Patch Updates and Security Alerts - Frequently Asked Questions
- Risk Matrix Definitions
- Use of Common Vulnerability Scoring System (CVSS) by Oracle
- Map of CVE to Bulletin
Modification History
| Date | Note |
|---|---|
| 2026-June-16 | Rev 2. Added CVEs fixed in Solaris 11.4 SRU 93 |
| 2026-April-21 | Rev 1. Initial Release |
Oracle Solaris Executive Summary
This Oracle Solaris Bulletin contains 126 new security patches for the Oracle Solaris Operating System. 85 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.
Oracle Solaris Third Party Bulletin Risk Matrix
Revision 2: Published on 2026-06-16
| CVE ID | Product | Third Party component |
Protocol | Remote Exploit without Auth.? |
CVSS VERSION 3.1 RISK (see Risk Matrix Definitions) | Supported Versions Affected |
Notes | ||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Base Score |
Attack Vector |
Attack Complexity |
Privs Req'd |
User Interact |
Scope | Confid- entiality |
Inte- grity |
Avail- ability |
|||||||
| CVE-2025-32433 | Oracle Solaris | Erlang | Multiple | Yes | 10 | Network | Low | None | None | Changed | High | High | High | 11.4 | |
| CVE-2026-27143 | Oracle Solaris | Go Programming Language | Multiple | Yes | 9.8 | Network | Low | None | None | Un- changed |
High | High | High | 11.4 | See Note 1 |
| CVE-2026-28780 | Oracle Solaris | Apache HTTP server | Multiple | Yes | 9.8 | Network | Low | None | None | Un- changed |
High | High | High | 11.4 | See Note 2 |
| CVE-2026-31789 | Oracle Solaris | OpenSSL | None | Yes | 9.8 | Network | Low | None | None | Un- changed |
High | High | High | 11.4 | See Note 3 |
| CVE-2026-34714 | Oracle Solaris | VIM | None | No | 9.2 | Local | Low | None | None | Changed | High | High | Low | 11.4 | |
| CVE-2025-66614 | Oracle Solaris | Apache Tomcat | None | Yes | 9.1 | Network | Low | None | None | Un- changed |
High | High | None | 11.4 | See Note 4 |
| CVE-2026-1861 | Oracle Solaris | Libvpx | Multiple | Yes | 8.8 | Network | Low | None | Required | Un- changed |
High | High | High | 11.4 | |
| CVE-2026-3083 | Oracle Solaris | GStreamer | Multiple | Yes | 8.8 | Network | Low | None | Required | Un- changed |
High | High | High | 11.4 | See Note 5 |
| CVE-2025-10728 | Oracle Solaris | Qt Toolkit | None | No | 8.6 | Local | Low | None | Required | Changed | High | High | High | 11.4 | See Note 6 |
| CVE-2026-1761 | Oracle Solaris | libsoup | Multiple | Yes | 8.6 | Network | Low | None | None | Un- changed |
Low | High | Low | 11.4 | See Note 7 |
| CVE-2026-25897 | Oracle Solaris | ImageMagick | Multiple | Yes | 8.6 | Network | Low | None | None | Changed | High | None | None | 11.4 | See Note 8 |
| CVE-2026-34352 | Oracle Solaris | VNC | None | No | 8.5 | Local | Low | None | None | Changed | High | Low | Low | 11.4 | |
| CVE-2026-24881 | Oracle Solaris | GnuPG | None | No | 8.4 | Local | Low | None | None | Un- changed |
High | High | High | 11.4 | See Note 9 |
| CVE-2025-13462 | Oracle Solaris | Python | Multiple | Yes | 8.2 | Network | Low | None | None | Un- changed |
Low | High | None | 11.4 | See Note 10 |
| CVE-2025-52194 | Oracle Solaris | Libsndfile | Multiple | Yes | 8.2 | Network | Low | None | None | Un- changed |
None | Low | High | 11.4 | |
| CVE-2025-55131 | Oracle Solaris | Node.js | Multiple | Yes | 8.1 | Network | High | None | None | Un- changed |
High | High | High | 11.4 | See Note 11 |
| CVE-2026-22770 | Oracle Solaris | ImageMagick | Multiple | Yes | 8.1 | Network | High | None | None | Un- changed |
High | High | High | 11.4 | See Note 12 |
| CVE-2026-25646 | Oracle Solaris | LibPNG | Multiple | Yes | 8.1 | Network | High | None | None | Un- changed |
High | High | High | 11.4 | |
| CVE-2026-27459 | Oracle Solaris | Openssl Python Bindings | Multiple | Yes | 8.1 | Network | High | None | None | Un- changed |
High | High | High | 11.4 | See Note 13 |
| CVE-2026-28693 | Oracle Solaris | ImageMagick | Multiple | Yes | 8.1 | Network | High | None | None | Un- changed |
High | High | High | 11.4 | See Note 14 |
| CVE-2026-28808 | Oracle Solaris | Erlang | Multiple | No | 8.1 | Network | Low | Low | None | Un- changed |
High | High | None | 11.4 | See Note 15 |
| CVE-2025-68973 | Oracle Solaris | GnuPG | None | No | 7.8 | Local | High | None | None | Changed | High | High | None | 11.4 | |
| CVE-2025-7424 | Oracle Solaris | libxslt | None | No | 7.8 | Local | High | None | None | Changed | None | High | High | 11.4 | |
| CVE-2026-2921 | Oracle Solaris | GStreamer | None | No | 7.8 | Local | Low | None | Required | Un- changed |
High | High | High | 11.4 | |
| CVE-2026-4775 | Oracle Solaris | LibTIFF | None | No | 7.8 | Local | Low | None | Required | Un- changed |
High | High | High | 11.4 | |
| Oracle Solaris | Wireshark | None | No | 7.8 | Local | Low | None | Required | Un- changed |
High | High | High | 11.4 | ||
| CVE-2023-5728 | Oracle Solaris | SpiderMonkey | Multiple | Yes | 7.5 | Network | Low | None | None | Un- changed |
None | None | High | 11.4 | |
| CVE-2024-36137 | Oracle Solaris | Node.js | Multiple | Yes | 7.5 | Network | Low | None | None | Un- changed |
None | None | High | 11.4 | See Note 16 |
| CVE-2025-13151 | Oracle Solaris | GNU Libtasn1 | Multiple | Yes | 7.5 | Network | Low | None | None | Un- changed |
None | None | High | 11.4 | |
| CVE-2025-13836 | Oracle Solaris | Python | Multiple | Yes | 7.5 | Network | Low | None | None | Un- changed |
None | None | High | 11.4 | See Note 17 |
| CVE-2025-13878 | Oracle Solaris | Bind | Multiple | Yes | 7.5 | Network | Low | None | None | Un- changed |
None | None | High | 11.4 | |
| CVE-2025-30211 | Oracle Solaris | Erlang | Multiple | Yes | 7.5 | Network | Low | None | None | Un- changed |
None | None | High | 11.4 | |
| CVE-2025-70873 | Oracle Solaris | SQLite3 | Multiple | Yes | 7.5 | Network | Low | None | None | Un- changed |
High | None | None | 11.4 | |
| CVE-2026-1519 | Oracle Solaris | Bind | Multiple | Yes | 7.5 | Network | Low | None | None | Un- changed |
None | None | High | 11.4 | See Note 18 |
| CVE-2026-21441 | Oracle Solaris | Urllib3 | Multiple | Yes | 7.5 | Network | Low | None | None | Un- changed |
None | None | High | 11.4 | |
| CVE-2026-21619 | Oracle Solaris | Elixir | Multiple | Yes | 7.5 | Network | Low | None | None | Un- changed |
None | None | High | 11.4 | |
| CVE-2026-22262 | Oracle Solaris | Suricata | Multiple | Yes | 7.5 | Network | Low | None | None | Un- changed |
None | None | High | 11.4 | See Note 19 |
| CVE-2026-27135 | Oracle Solaris | Nghttp2 | Multiple | Yes | 7.5 | Network | Low | None | None | Un- changed |
None | None | High | 11.4 | |
| CVE-2026-29146 | Oracle Solaris | Apache Tomcat | Multiple | Yes | 7.5 | Network | Low | None | None | Un- changed |
High | None | None | 11.4 | See Note 20 |
| CVE-2026-30922 | Oracle Solaris | Asn.1 Types And Codecs | Multiple | Yes | 7.5 | Network | Low | None | None | Un- changed |
None | None | High | 11.4 | |
| CVE-2026-3201 | Oracle Solaris | Wireshark | Multiple | Yes | 7.5 | Network | Low | None | None | Un- changed |
None | None | High | 11.4 | See Note 21 |
| CVE-2026-32748 | Oracle Solaris | Squid | Multiple | Yes | 7.5 | Network | Low | None | None | Un- changed |
None | None | High | 11.4 | See Note 22 |
| CVE-2026-33416 | Oracle Solaris | LibPNG | Multiple | Yes | 7.5 | Network | High | None | Required | Un- changed |
High | High | High | 11.4 | |
| CVE-2026-35385 | Oracle Solaris | OpenSSH | Multiple | Yes | 7.5 | Network | High | None | Required | Un- changed |
High | High | High | 11.4 | See Note 23 |
| CVE-2026-4111 | Oracle Solaris | Libarchive | Multiple | Yes | 7.5 | Network | Low | None | None | Un- changed |
None | None | High | 11.4 | |
| CVE-2026-4277 | Oracle Solaris | Django | Multiple | Yes | 7.5 | Network | Low | None | None | Un- changed |
None | High | None | 11.4 | See Note 24 |
| CVE-2026-4688 | Oracle Solaris | Thunderbird | Multiple | Yes | 7.5 | Network | High | None | Required | Un- changed |
High | High | High | 11.4 | See Note 25 |
| CVE-2026-4688 | Oracle Solaris | Firefox | Multiple | Yes | 7.5 | Network | High | None | Required | Un- changed |
High | High | High | 11.4 | See Note 26 |
| CVE-2026-5201 | Oracle Solaris | libsoup | Multiple | Yes | 7.5 | Network | Low | None | None | Un- changed |
None | None | High | 11.4 | |
| CVE-2022-4055 | Oracle Solaris | xdg-utils | Multiple | Yes | 7.4 | Network | Low | None | Required | Changed | None | High | None | 11.4 | |
| CVE-2026-26007 | Oracle Solaris | Python cryptographic standard library | Multiple | Yes | 7.4 | Network | High | None | None | Un- changed |
High | High | None | 11.4 | |
| CVE-2026-35535 | Oracle Solaris | Sudo | None | No | 7.4 | Local | High | None | None | Un- changed |
High | High | High | 11.4 | |
| CVE-2026-41035 | Oracle Solaris | RSYNC | Multiple | No | 7.4 | Network | Low | Low | None | Changed | Low | Low | Low | 11.4 | |
| CVE-2025-11468 | Oracle Solaris | Python | Multiple | No | 7.1 | Network | Low | Low | None | Un- changed |
Low | High | None | 11.4 | See Note 27 |
| CVE-2026-4519 | Oracle Solaris | Python | Multiple | Yes | 7.1 | Network | High | None | Required | Un- changed |
High | High | Low | 11.4 | |
| CVE-2026-24515 | Oracle Solaris | libexpat | None | No | 6.9 | Local | High | None | None | Un- changed |
High | High | Low | 11.4 | See Note 28 |
| CVE-2026-22801 | Oracle Solaris | LibPNG | None | No | 6.8 | Local | Low | None | None | Un- changed |
Low | None | High | 11.4 | See Note 29 |
| CVE-2024-2699 | Oracle Solaris | Avahi | Multiple | Yes | 6.5 | Network | Low | None | Required | Un- changed |
None | None | High | 11.4 | See Note 30 |
| CVE-2025-26618 | Oracle Solaris | Erlang | Multiple | No | 6.5 | Network | Low | Low | None | Un- changed |
None | None | High | 11.4 | |
| CVE-2026-2369 | Oracle Solaris | libsoup | Multiple | Yes | 6.5 | Network | Low | None | None | Un- changed |
Low | None | Low | 11.4 | See Note 31 |
| CVE-2026-2436 | Oracle Solaris | libsoup | Multiple | Yes | 6.5 | Network | High | None | None | Un- changed |
None | Low | High | 11.4 | |
| CVE-2026-33699 | Oracle Solaris | Pypdf | Multiple | Yes | 6.5 | Network | Low | None | Required | Un- changed |
None | None | High | 11.4 | See Note 32 |
| CVE-2025-48038 | Oracle Solaris | Erlang | Multiple | Yes | 6.1 | Network | Low | None | Required | Changed | Low | Low | None | 11.4 | See Note 33 |
| CVE-2026-1467 | Oracle Solaris | libsoup | Multiple | Yes | 6.1 | Network | Low | None | Required | Changed | Low | Low | None | 11.4 | |
| CVE-2026-0990 | Oracle Solaris | libxml2 | Multiple | Yes | 5.9 | Network | High | None | None | Un- changed |
None | None | High | 11.4 | |
| CVE-2026-1539 | Oracle Solaris | libsoup | Multiple | Yes | 5.8 | Network | Low | None | None | Changed | None | Low | None | 11.4 | See Note 34 |
| CVE-2026-1764 | Oracle Solaris | libsoup | None | No | 5.6 | Local | Low | Low | Required | Un- changed |
Low | None | High | 11.4 | See Note 35 |
| CVE-2026-2604 | Oracle Solaris | libsoup | None | No | 5.6 | Local | Low | Low | Required | Un- changed |
None | High | Low | 11.4 | |
| CVE-2025-59798 | Oracle Solaris | Ghostscript | None | No | 5.5 | Local | Low | Low | None | Un- changed |
None | None | High | 11.4 | See Note 36 |
| CVE-2025-60753 | Oracle Solaris | Libarchive | None | No | 5.5 | Local | Low | None | Required | Un- changed |
None | None | High | 11.4 | |
| CVE-2026-23941 | Oracle Solaris | Erlang | Multiple | Yes | 5.4 | Network | High | None | None | Changed | Low | Low | None | 11.4 | See Note 37 |
| CVE-2025-14524 | Oracle Solaris | libcurl | Multiple | Yes | 5.3 | Network | High | None | Required | Un- changed |
High | None | None | 11.4 | |
| CVE-2025-14819 | Oracle Solaris | libcurl | Multiple | Yes | 5.3 | Network | High | None | Required | Un- changed |
High | None | None | 11.4 | |
| CVE-2025-56226 | Oracle Solaris | Libsndfile | Multiple | Yes | 5.3 | Network | Low | None | None | Un- changed |
None | None | Low | 11.4 | |
| CVE-2025-68618 | Oracle Solaris | ImageMagick | Multiple | Yes | 5.3 | Network | Low | None | None | Un- changed |
None | None | Low | 11.4 | See Note 38 |
| CVE-2026-1760 | Oracle Solaris | libsoup | Multiple | Yes | 5.3 | Network | Low | None | None | Un- changed |
None | None | Low | 11.4 | |
| CVE-2026-1801 | Oracle Solaris | libsoup | Multiple | Yes | 5.3 | Network | Low | None | None | Un- changed |
None | Low | None | 11.4 | |
| CVE-2026-22693 | Oracle Solaris | Harfbuzz | Multiple | Yes | 5.3 | Network | Low | None | None | Un- changed |
None | None | Low | 11.4 | |
| CVE-2026-22701 | Oracle Solaris | Platform Independent File Lock | None | No | 5.3 | Local | High | Low | None | Un- changed |
None | Low | High | 11.4 | |
| CVE-2026-23865 | Oracle Solaris | FreeType | None | No | 5.3 | Local | Low | None | Required | Un- changed |
Low | Low | Low | 11.4 | |
| CVE-2026-34714 | Oracle Solaris | VIM | None | No | 5.3 | Local | High | None | Required | Un- changed |
Low | High | None | 11.4 | See Note 39 |
| CVE-2026-34714 | Oracle Solaris | VIM | None | No | 5.3 | Local | Low | None | Required | Un- changed |
Low | Low | Low | 11.4 | See Note 40 |
| CVE-2026-34743 | Oracle Solaris | Gzip | Multiple | Yes | 5.3 | Network | Low | None | None | Un- changed |
None | None | Low | 11.4 | |
| CVE-2026-39892 | Oracle Solaris | Python cryptographic standard library | Multiple | Yes | 5.3 | Network | Low | None | None | Un- changed |
None | None | Low | 11.4 | |
| CVE-2025-4748 | Oracle Solaris | Erlang | None | No | 5.1 | Local | Low | None | None | Un- changed |
None | Low | Low | 11.4 | |
| CVE-2026-33535 | Oracle Solaris | ImageMagick | None | No | 5.1 | Local | High | None | None | Un- changed |
None | None | High | 11.4 | See Note 41 |
| CVE-2026-34757 | Oracle Solaris | LibPNG | None | No | 5.1 | Local | Low | None | None | Un- changed |
Low | Low | None | 11.4 | |
| CVE-2025-65955 | Oracle Solaris | ImageMagick | None | No | 4.9 | Local | High | None | None | Un- changed |
Low | Low | Low | 11.4 | |
| CVE-2026-22702 | Oracle Solaris | Certifi | None | No | 4.5 | Local | High | Low | None | Un- changed |
Low | Low | Low | 11.4 | |
| CVE-2026-25645 | Oracle Solaris | Requests | None | No | 4.4 | Local | High | Low | Required | Un- changed |
None | High | None | 11.4 | |
| CVE-2026-21620 | Oracle Solaris | Erlang | Multiple | No | 4.2 | Network | High | Low | None | Un- changed |
Low | Low | None | 11.4 | |
| CVE-2026-32776 | Oracle Solaris | libexpat | None | No | 4 | Local | Low | None | None | Un- changed |
None | None | Low | 11.4 | See Note 42 |
| CVE-2025-46712 | Oracle Solaris | Erlang | Multiple | Yes | 3.7 | Network | High | None | None | Un- changed |
None | Low | None | 11.4 | |
| CVE-2026-0989 | Oracle Solaris | libxml2 | Multiple | Yes | 3.7 | Network | High | None | None | Un- changed |
None | None | Low | 11.4 | |
| CVE-2026-34073 | Oracle Solaris | Python cryptographic standard library | Multiple | Yes | 3.7 | Network | High | None | None | Un- changed |
None | Low | None | 11.4 | |
| CVE-2025-8732 | Oracle Solaris | libxml2 | None | No | 3.3 | Local | Low | Low | None | Un- changed |
None | None | Low | 11.4 | |
| CVE-2026-2297 | Oracle Solaris | Python | None | No | 3.3 | Local | Low | Low | None | Un- changed |
None | Low | None | 11.4 | |
| CVE-2026-2903 | Oracle Solaris | re2c | None | No | 3.3 | Local | Low | Low | None | Un- changed |
None | None | Low | 11.4 | |
| CVE-2026-4539 | Oracle Solaris | Pygments | None | No | 3.3 | Local | Low | Low | None | Un- changed |
None | None | Low | 11.4 | |
| CVE-2025-11731 | Oracle Solaris | libxslt | Multiple | Yes | 3.1 | Network | High | None | Required | Un- changed |
None | None | Low | 11.4 | |
| CVE-2026-1703 | Oracle Solaris | PIP | Multiple | Yes | 3.1 | Network | High | None | Required | Un- changed |
None | Low | None | 11.4 | |
| CVE-2026-0992 | Oracle Solaris | libxml2 | None | No | 2.9 | Local | High | None | None | Un- changed |
None | None | Low | 11.4 | |
| CVE-2026-27171 | Oracle Solaris | Zlib | None | No | 2.9 | Local | High | None | None | Un- changed |
None | None | Low | 11.4 | |
Revision 1: Published on 2026-04-21
| CVE ID | Product | Third Party component |
Protocol | Remote Exploit without Auth.? |
CVSS VERSION 3.1 RISK (see Risk Matrix Definitions) | Supported Versions Affected |
Notes | ||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Base Score |
Attack Vector |
Attack Complexity |
Privs Req'd |
User Interact |
Scope | Confid- entiality |
Inte- grity |
Avail- ability |
|||||||
| CVE-2025-56005 | Oracle Solaris | Lex/Yacc Parser For Python | Multiple | Yes | 9.8 | Network | Low | None | None | Un- changed |
High | High | High | 11.4 | |
| CVE-2026-2760 | Oracle Solaris | Thunderbird | Multiple | Yes | 9.8 | Network | Low | None | None | Un- changed |
High | High | High | 11.4 | See Note 43 |
| CVE-2026-2760 | Oracle Solaris | Firefox | Multiple | Yes | 9.8 | Network | Low | None | None | Un- changed |
High | High | High | 11.4 | See Note 44 |
| CVE-2026-2447 | Oracle Solaris | Firefox | Multiple | Yes | 8.8 | Network | Low | None | Required | Un- changed |
High | High | High | 11.4 | |
| CVE-2025-68121 | Oracle Solaris | Go Programming Language | None | No | 8.6 | Local | Low | None | Required | Changed | High | High | High | 11.4 | See Note 45 |
| CVE-2026-23949 | Oracle Solaris | Python Setuptools | Multiple | Yes | 8.6 | Network | Low | None | None | Changed | High | None | None | 11.4 | |
| CVE-2026-3497 | Oracle Solaris | OpenSSH | Multiple | Yes | 8.2 | Network | Low | None | None | Un- changed |
Low | High | None | 11.4 | |
| CVE-2025-14550 | Oracle Solaris | Django | Multiple | Yes | 7.5 | Network | Low | None | None | Un- changed |
None | None | High | 11.4 | See Note 46 |
| CVE-2026-0879 | Oracle Solaris | Thunderbird | Multiple | Yes | 7.5 | Network | High | None | Required | Un- changed |
High | High | High | 11.4 | See Note 47 |
| CVE-2026-0879 | Oracle Solaris | Firefox | Multiple | Yes | 7.5 | Network | High | None | Required | Un- changed |
High | High | High | 11.4 | See Note 48 |
| CVE-2026-23490 | Oracle Solaris | Asn.1 Types And Codecs | Multiple | Yes | 7.5 | Network | Low | None | None | Un- changed |
None | None | High | 11.4 | |
| CVE-2026-25673 | Oracle Solaris | Django | Multiple | Yes | 7.5 | Network | Low | None | None | Un- changed |
None | None | High | 11.4 | See Note 49 |
| CVE-2026-25679 | Oracle Solaris | Go Programming Language | Multiple | Yes | 7.5 | Network | Low | None | None | Un- changed |
None | None | High | 11.4 | See Note 50 |
| CVE-2026-27628 | Oracle Solaris | Pypdf | Multiple | Yes | 7.5 | Network | Low | None | None | Un- changed |
None | None | High | 11.4 | See Note 51 |
| CVE-2025-68121 | Oracle Solaris | Go Programming Language | Multiple | Yes | 7.4 | Network | High | None | None | Un- changed |
High | High | None | 11.4 | See Note 52 |
| CVE-2026-25990 | Oracle Solaris | Python Imaging Library (PIL) | Multiple | Yes | 7.3 | Network | Low | None | None | Un- changed |
Low | Low | Low | 11.4 | |
| CVE-2026-24049 | Oracle Solaris | Python Wheel | None | No | 7.1 | Local | Low | None | Required | Un- changed |
None | High | High | 11.4 | |
| CVE-2026-25749 | Oracle Solaris | VIM | None | No | 6.6 | Local | Low | Low | Required | Un- changed |
None | High | High | 11.4 | |
| CVE-2026-22690 | Oracle Solaris | Pypdf | Multiple | Yes | 6.5 | Network | Low | None | Required | Un- changed |
None | None | High | 11.4 | See Note 53 |
| CVE-2026-31826 | Oracle Solaris | Pypdf | Multiple | Yes | 6.5 | Network | Low | None | Required | Un- changed |
None | None | High | 11.4 | |
| CVE-2026-26269 | Oracle Solaris | VIM | Multiple | Yes | 5.4 | Network | Low | None | Required | Un- changed |
None | Low | Low | 11.4 | |
| CVE-2026-24688 | Oracle Solaris | Pypdf | Multiple | Yes | 5.3 | Network | Low | None | None | Un- changed |
None | None | Low | 11.4 | |
| CVE-2026-3497 | Oracle Solaris | OpenSSH | Multiple | Yes | 5.3 | Network | Low | None | None | Un- changed |
Low | None | None | 11.4 | |
Notes:
1. This patch also addresses CVE-2026-27140 CVE-2026-27144 CVE-2026-32280 CVE-2026-32281 CVE-2026-32283 CVE-2026-32288 CVE-2026-32289.2. This patch also addresses CVE-2026-23918 CVE-2026-24072 CVE-2026-29168 CVE-2026-29169 CVE-2026-33006 CVE-2026-33007 CVE-2026-33523 CVE-2026-33857 CVE-2026-34032 CVE-2026-34059.
3. This patch also addresses CVE-2026-28386 CVE-2026-28387 CVE-2026-28388 CVE-2026-28389 CVE-2026-28390 CVE-2026-31790.
4. This patch also addresses CVE-2026-24733 CVE-2026-24734.
5. This patch also addresses CVE-2026-3085.
6. This patch also addresses CVE-2025-10729.
7. This patch also addresses CVE-2026-1760.
8. This patch also addresses CVE-2026-24481 CVE-2026-24484 CVE-2026-24485 CVE-2026-25576 CVE-2026-25637 CVE-2026-25638 CVE-2026-25794 CVE-2026-25795 CVE-2026-25796 CVE-2026-25797 CVE-2026-25798 CVE-2026-25799 CVE-2026-25898 CVE-2026-25965 CVE-2026-25966 CVE-2026-25967 CVE-2026-25968 CVE-2026-25969 CVE-2026-25970 CVE-2026-25971 CVE-2026-25982 CVE-2026-25983 CVE-2026-25985 CVE-2026-25986 CVE-2026-25987 CVE-2026-25988 CVE-2026-25989 CVE-2026-26066 CVE-2026-26283 CVE-2026-26284 CVE-2026-26983 CVE-2026-27798 CVE-2026-27799.
9. This patch also addresses CVE-2022-3219 CVE-2026-24882 CVE-2026-24883.
10. This patch also addresses CVE-2026-0672 CVE-2026-3644 CVE-2026-4224.
11. This patch also addresses CVE-2025-55130 CVE-2025-55132 CVE-2025-59464 CVE-2025-59465 CVE-2025-59466 CVE-2026-21636 CVE-2026-21637.
12. This patch also addresses CVE-2026-23874 CVE-2026-23876 CVE-2026-23952.
13. This patch also addresses CVE-2026-27448.
14. This patch also addresses CVE-2026-28493 CVE-2026-28494 CVE-2026-28686 CVE-2026-28687 CVE-2026-28689 CVE-2026-28690 CVE-2026-28691 CVE-2026-28692 CVE-2026-30883 CVE-2026-30929 CVE-2026-30931 CVE-2026-30935 CVE-2026-30936 CVE-2026-30937 CVE-2026-31853 CVE-2026-32259 CVE-2026-32636.
15. This patch also addresses CVE-2026-28810 CVE-2026-32144.
16. This patch also addresses CVE-2026-21637 CVE-2026-21710 CVE-2026-21711 CVE-2026-21712 CVE-2026-21713 CVE-2026-21714 CVE-2026-21715 CVE-2026-21716 CVE-2026-21717.
17. This patch also addresses CVE-2025-12084 CVE-2025-13837.
18. This patch also addresses CVE-2026-3104 CVE-2026-3119 CVE-2026-3591.
19. This patch also addresses CVE-2026-22258 CVE-2026-22259 CVE-2026-22260 CVE-2026-22261 CVE-2026-22263 CVE-2026-22264 CVE-2026-31931 CVE-2026-31932 CVE-2026-31933 CVE-2026-31934 CVE-2026-31935 CVE-2026-31937.
20. This patch also addresses CVE-2026-34483 CVE-2026-34486 CVE-2026-34487 CVE-2026-34500.
21. This patch also addresses CVE-2026-3202 CVE-2026-3203.
22. This patch also addresses CVE-2026-33515 CVE-2026-33526.
23. This patch also addresses CVE-2026-35386 CVE-2026-35387 CVE-2026-35388 CVE-2026-35414.
24. This patch also addresses CVE-2026-33033 CVE-2026-33034 CVE-2026-3902 CVE-2026-4292.
25. This patch also addresses CVE-2025-59375 CVE-2026-3889 CVE-2026-4371 CVE-2026-4684 CVE-2026-4685 CVE-2026-4686 CVE-2026-4687 CVE-2026-4689 CVE-2026-4690 CVE-2026-4691 CVE-2026-4692 CVE-2026-4693 CVE-2026-4694 CVE-2026-4695 CVE-2026-4696 CVE-2026-4697 CVE-2026-4698 CVE-2026-4699 CVE-2026-4700 CVE-2026-4701 CVE-2026-4702 CVE-2026-4704 CVE-2026-4705 CVE-2026-4706 CVE-2026-4707 CVE-2026-4708 CVE-2026-4709 CVE-2026-4710 CVE-2026-4711 CVE-2026-4712 CVE-2026-4713 CVE-2026-4714 CVE-2026-4715 CVE-2026-4716 CVE-2026-4717 CVE-2026-4718 CVE-2026-4719 CVE-2026-4720 CVE-2026-4721.
26. This patch also addresses CVE-2025-59375 CVE-2026-4684 CVE-2026-4685 CVE-2026-4686 CVE-2026-4687 CVE-2026-4689 CVE-2026-4690 CVE-2026-4691 CVE-2026-4692 CVE-2026-4693 CVE-2026-4694 CVE-2026-4695 CVE-2026-4696 CVE-2026-4697 CVE-2026-4698 CVE-2026-4699 CVE-2026-4700 CVE-2026-4701 CVE-2026-4702 CVE-2026-4704 CVE-2026-4705 CVE-2026-4706 CVE-2026-4707 CVE-2026-4708 CVE-2026-4709 CVE-2026-4710 CVE-2026-4711 CVE-2026-4712 CVE-2026-4713 CVE-2026-4714 CVE-2026-4715 CVE-2026-4716 CVE-2026-4717 CVE-2026-4718 CVE-2026-4719 CVE-2026-4720 CVE-2026-4721.
27. This patch also addresses CVE-2025-15282 CVE-2025-15366 CVE-2025-15367 CVE-2026-0672 CVE-2026-0865 CVE-2026-1299.
28. This patch also addresses CVE-2026-25210.
29. This patch also addresses CVE-2025-65018 CVE-2026-22695.
30. This patch also addresses CVE-2025-68276 CVE-2025-68468 CVE-2025-68471 CVE-2026-24401.
31. This patch also addresses CVE-2025-32052.
32. This patch also addresses CVE-2026-33123.
33. This patch also addresses CVE-2016-1000107 CVE-2025-48039 CVE-2025-48040 CVE-2025-48041.
34. This patch also addresses CVE-2026-1536.
35. This patch also addresses CVE-2026-1765 CVE-2026-1766 CVE-2026-1767.
36. This patch also addresses CVE-2025-59799 CVE-2025-59800 CVE-2025-59801.
37. This patch also addresses CVE-2026-23942 CVE-2026-23943.
38. This patch also addresses CVE-2025-68950 CVE-2025-69204.
39. This patch also addresses CVE-2026-33412.
40. This patch also addresses CVE-2026-25749 CVE-2026-28417 CVE-2026-28418 CVE-2026-28419 CVE-2026-28420 CVE-2026-28421 CVE-2026-28422 CVE-2026-32249 CVE-2026-33412 CVE-2026-39881.
41. This patch also addresses CVE-2026-33536.
42. This patch also addresses CVE-2026-32777 CVE-2026-32778.
43. This patch also addresses CVE-2026-2757 CVE-2026-2758 CVE-2026-2759 CVE-2026-2761 CVE-2026-2762 CVE-2026-2763 CVE-2026-2764 CVE-2026-2765 CVE-2026-2766 CVE-2026-2767 CVE-2026-2768 CVE-2026-2769 CVE-2026-2770 CVE-2026-2771 CVE-2026-2772 CVE-2026-2773 CVE-2026-2774 CVE-2026-2775 CVE-2026-2776 CVE-2026-2777 CVE-2026-2778 CVE-2026-2779 CVE-2026-2780 CVE-2026-2781 CVE-2026-2782 CVE-2026-2783 CVE-2026-2784 CVE-2026-2785 CVE-2026-2786 CVE-2026-2787 CVE-2026-2788 CVE-2026-2789 CVE-2026-2790 CVE-2026-2791 CVE-2026-2792 CVE-2026-2793.
44. This patch also addresses CVE-2026-2757 CVE-2026-2758 CVE-2026-2759 CVE-2026-2761 CVE-2026-2762 CVE-2026-2763 CVE-2026-2764 CVE-2026-2765 CVE-2026-2766 CVE-2026-2767 CVE-2026-2768 CVE-2026-2769 CVE-2026-2770 CVE-2026-2771 CVE-2026-2772 CVE-2026-2773 CVE-2026-2774 CVE-2026-2775 CVE-2026-2776 CVE-2026-2777 CVE-2026-2778 CVE-2026-2779 CVE-2026-2780 CVE-2026-2781 CVE-2026-2782 CVE-2026-2783 CVE-2026-2784 CVE-2026-2785 CVE-2026-2786 CVE-2026-2787 CVE-2026-2788 CVE-2026-2789 CVE-2026-2790 CVE-2026-2792 CVE-2026-2793.
45. This patch also addresses CVE-2025-61732.
46. This patch also addresses CVE-2025-13473 CVE-2026-1207 CVE-2026-1285 CVE-2026-1287 CVE-2026-1312.
47. This patch also addresses CVE-2025-14327 CVE-2026-0877 CVE-2026-0878 CVE-2026-0880 CVE-2026-0882 CVE-2026-0883 CVE-2026-0884 CVE-2026-0885 CVE-2026-0886 CVE-2026-0887 CVE-2026-0890 CVE-2026-0891.
48. This patch also addresses CVE-2025-14327 CVE-2026-0877 CVE-2026-0878 CVE-2026-0880 CVE-2026-0882 CVE-2026-0883 CVE-2026-0884 CVE-2026-0885 CVE-2026-0886 CVE-2026-0891.
49. This patch also addresses CVE-2026-25674.
50. This patch also addresses CVE-2026-27137 CVE-2026-27138 CVE-2026-27139 CVE-2026-27142.
51. This patch also addresses CVE-2026-27024 CVE-2026-27025 CVE-2026-27026 CVE-2026-27888 CVE-2026-28351 CVE-2026-28804.
52. This patch also addresses CVE-2025-61726 CVE-2025-61728 CVE-2025-61730 CVE-2025-61731 CVE-2025-68119.
53. This patch also addresses CVE-2026-22691.