Oracle released its first new monthly Critical Security Patch Update, fixing 77 vulnerabilities across several enterprise products used by businesses and public-sector organizations. The May 2026 update covers Oracle Database Server, REST Data Services, Communications, E-Business Suite, and Hospitality Applications, including about a dozen critical-severity flaws and multiple bugs that remote, unauthenticated attackers could exploit over a network. Oracle did not cite active exploitation in this notice but urged customers to patch quickly.
Why it matters: Organizations running affected Oracle software should treat this as a prompt patching event, especially where systems are internet-facing. Several flaws can be exploited remotely without logging in, so defenders should identify exposed Oracle services and apply the new updates as soon as possible.
Ionut Arghire
2026.06.02
100% relevant
This article establishes a distinct patching story: Oracle's launch of monthly CSPU releases and the first batch of 77 fixes affecting multiple Oracle product lines.
← Back to all stories