Back

Oracle April 2026 Critical Patch Update Addresses 241 CVEs

Severity: High (Score: 60.8)

Sources: www.oracle.com, Tenable

Summary

On April 21, 2026, Oracle released its Critical Patch Update (CPU) for April 2026, which includes 481 security patches addressing 241 unique CVEs across 28 product families. Among these, 34 patches are classified as critical, with the Oracle Communications product family receiving the highest number of patches at 139. The update aims to mitigate vulnerabilities that could be exploited, as Oracle has reported ongoing attempts to exploit known vulnerabilities. Customers are strongly urged to apply these patches promptly to protect their systems. The CVE-2026-21992 vulnerability, which was publicly disclosed on March 20, 2026, is among those addressed in this update. The patches cover a range of severity levels, with critical vulnerabilities representing 7.1% of the total updates. Oracle emphasizes the importance of staying updated with the latest patches to avoid potential exploitation. Key Points: • Oracle's April 2026 CPU includes 481 patches for 241 unique CVEs. • 34 critical patches were issued, with Oracle Communications receiving the most updates. • Customers are advised to apply patches immediately to mitigate known vulnerabilities.

Key Entities

  • Oracle (company)
  • CVE-2016-0000 (cve)
  • CVE-2021-0000 (cve)
  • CVE-2026-21992 (cve)
  • Fusion Middleware (platform)
  • Oracle Adapter For Eclipse Rdf4j (platform)
  • Oracle Analytics (platform)
  • Oracle APEX (platform)
  • Oracle Autonomous Health Framework (platform)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed