Oracle has released its April 2026 Critical Patch Update (CPU), delivering 481 new security patches across 28 product families. This massive update addresses approximately 450 unique vulnerabilities. Alarmingly, over 300 of these fixes resolve flaws that are remotely exploitable without authentication, meaning attackers could compromise systems without needing legitimate user credentials.
How to check if you’re affected
Organizations utilizing Oracle products such as Oracle Database, Fusion Middleware, Java SE, and various enterprise applications should immediately review the Oracle CPU advisory for April 2026. Compare the affected product versions listed in the advisory against your current inventory. Prioritize patching external-facing systems and those processing sensitive data.
Sources
- Oracle Critical Patch Update Advisory - April 2026 (Placeholder link)
- SecurityWeek Coverage