Oracle CSPU May 2026: 35 Critical Vulnerabilities Addressed

Oracle CSPU May 2026: 35 Critical Vulnerabilities Addressed

First seen 29 May 2026, 04:11 UTC TenableBlogs.OracleHeise.DeCybersecuritynewsCcb.Belgium.Be+20 86% similarity 72.0

Article Content

Browse articles
ThreatCluster

Oracle released its first Critical Security Patch Update (CSPU) on May 28, 2026, addressing 35 vulnerabilities across multiple product families, including Oracle Database, Oracle REST Data Services, and Oracle E-Business Suite. Among these, CVE-2026-46840 and CVE-2026-34311 are rated critical, with CVSS scores of 10.0 and 9.8, respectively. Attackers can exploit several vulnerabilities remotely without authentication, posing significant risks to organizations using affected Oracle products. The CSPU is part of Oracle's new monthly update strategy, aimed at providing timely security fixes. Security professionals are urged to apply the patches immediately to mitigate risks associated with these vulnerabilities. The update follows a history of exploitation of Oracle vulnerabilities, emphasizing the need for prompt action.

Key Points: • Oracle's CSPU addresses 35 vulnerabilities, including 11 critical ones. • CVE-2026-46840 has a CVSS score of 10.0, indicating severe risk. • Immediate patching is recommended to prevent potential exploitation.

ThreatCluster AI

Timeline

2026-04-14
CVE-2026-2332 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2026-04-20
CVE-2026-33557 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2026-05-28
Oracle CSPU released
Oracle released its first Critical Security Patch Update addressing 35 vulnerabilities across multiple products.
Tenable
2026-05-28
CVE-2026-46840 published
CVE-2026-46840 affects Oracle REST Data Services and is easily exploitable without authentication.
Ccb.Belgium.Be
2026-05-28
CVE-2026-34311 published
CVE-2026-34311 is a critical vulnerability in Oracle Hospitality OPERA 5 with a CVSS score of 9.8.
Heise.De
2026-05-28
CVE-2026-46775 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2026-05-28
CVE-2026-46824 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2026-05-28
CVE-2026-46833 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2026-05-28
CVE-2026-46822 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2026-05-28
CVE-2026-46839 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE

Community

Browse all →