Oracle Launches Monthly Patch Cycle with 35 Vulnerabilities, Eleven Critical

At a glance: Oracle introduces monthly patch updates to address critical vulnerabilities faster—the first batch contains 35 flaws with CVSS scores up to 10.

Oracle has released the first Critical Security Patch Update (CSPU) of a new monthly patch cycle, intended to fix urgent vulnerabilities between its regular quarterly patches. The first batch covers 35 vulnerabilities, including eleven with critical severity and several with publicly available exploit code.

By severity, the vulnerabilities break down into 11 critical, 18 high, and 6 medium. The eleven critically rated flaws include vulnerabilities in Oracle REST Data Services (CVE-2026-46840, CVE-2026-46775, CVE-2026-46839), Oracle E-Business Suite (CVE-2026-46822), the Universal Work Queue (CVE-2026-46824), and Oracle Payments (CVE-2026-46817).

Patch teams should, however, prioritize older yet serious vulnerabilities for which proof-of-concept exploits are available: CVE-2025-15467, CVE-2025-58050, and CVE-2026-25646 in Oracle Communications Unified Assurance, as well as CVE-2026-2332 in REST Data Services. These affect open-source components in Oracle products; CVE-2025-58050 was already publicly disclosed in August 2024, underscoring delays in remediation of supply-chain vulnerabilities.


Source: www.csoonline.com · Published 1 June 2026
Lumi AI News — AI-assisted curation according to Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.2.8.