Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Oracle Releases Critical Patches for 35 Security Flaws

Oracle Releases Critical Patches for 35 Security Flaws

Posted on May 29, 2026 By CWS

Oracle has initiated its latest Critical Security Patch Update (CSPU), introducing 35 new security patches designed to address serious vulnerabilities across a range of major product lines. These include Oracle Database, Oracle REST Data Services, Oracle Communications Unified Assurance, Oracle E-Business Suite, and Oracle Hospitality OPERA 5.

Introduction of the Monthly CSPU Model

The newly launched CSPU model represents a streamlined, targeted approach to addressing urgent security concerns, designed to supplement Oracle’s established quarterly Critical Patch Updates (CPUs). This allows customers to quickly address critical vulnerabilities outside of the more comprehensive quarterly patch cycle.

Launched on May 28, 2026, the CSPU marks the start of Oracle’s monthly security update cycle, with future updates planned for most third Tuesdays of each month. Unlike the broader CPUs, which often include hundreds of patches, this CSPU specifically targets 35 vulnerabilities that Oracle has identified as requiring immediate attention.

Details of the New Security Patches

The recent patches cover not only Oracle’s proprietary code but also widely used third-party components integrated into Oracle products, like Apache Kafka, ActiveMQ, Tomcat, ZooKeeper, MySQL, PCRE2, libpng, and the Apache HTTP Server.

Within the database stack, three new security patches have been released for Oracle Database Server versions 23.4.0 through 23.26.2, specifically targeting the Net Service component. These vulnerabilities, identified as CVE-2026-46833, CVE-2026-46834, and CVE-2026-46835, can be exploited remotely over TLS without requiring authentication, highlighting the critical need for patching, especially in environments where Oracle client libraries are exposed to untrusted networks.

Impact on Various Oracle Products

Oracle REST Data Services (ORDS) versions 24.2.0 to 26.1.0 have been notably affected, with 11 new security patches and updates to bundled third-party components. Seven of these vulnerabilities can be exploited remotely over HTTPS without user credentials, impacting ORDS core, Backend-as-a-Service, MongoAPI, and the Eclipse Jetty stack. One of the vulnerabilities, CVE-2026-46840, presents a severe risk with a CVSS v3.1 base score of 10.0, indicating a complete compromise of confidentiality, integrity, and availability if exploited.

Oracle Communications Unified Assurance versions 6.1.1 through 7.0.0 have received eight new patches, including four that can be remotely exploited without authentication in messaging and core web components. Furthermore, the CSPU provides 12 new fixes for Oracle E-Business Suite 12.2.3–12.2.15, impacting modules such as Payments, Payroll, iAssets, Flow Manufacturing, and Financials Common Modules.

In the hospitality sector, Oracle Hospitality OPERA 5 Property Services faces a critical issue with CVE-2026-34311, a remote vulnerability scoring 9.8 that affects multiple 5.6.x releases.

Importance of Immediate Patch Deployment

The advisory emphasizes the importance of promptly applying these patches, as attackers may exploit already-patched vulnerabilities where updates have been delayed. Oracle strongly advises the immediate deployment of CSPU patches across all supported versions to mitigate risks.

While temporary measures such as blocking affected network protocols or removing unnecessary privileges might reduce risk, Oracle warns these should not replace long-term solutions, as they may disrupt application functionality. Ensuring robust security requires consistent and timely patching of the underlying code.

Cyber Security News Tags:Apache, critical update, CSPU, CVE, Cybersecurity, database security, E-Business Suite, hospitality software, Oracle, patch management, REST Data Services, security patch, Vulnerabilities

Post navigation

Previous Post: NPM Package Steals OpenAI Codex Tokens
Next Post: Charter Communications Breach Exposes Millions

Related Posts

Researchers Detailed North Korean Threat Actors Technical Strategies to Uncover Illicit Access Researchers Detailed North Korean Threat Actors Technical Strategies to Uncover Illicit Access Cyber Security News
NDSS Symposium 2027 Set for Seoul Launch NDSS Symposium 2027 Set for Seoul Launch Cyber Security News
FortiPAM and FortiSwitch Manager Vulnerability Let Attackers Bypass Authentication Process FortiPAM and FortiSwitch Manager Vulnerability Let Attackers Bypass Authentication Process Cyber Security News
CrowdStrike Reveals New AI Threats with Prompt Injection CrowdStrike Reveals New AI Threats with Prompt Injection Cyber Security News
Free WormGPT Variant Leveraging DeepSeek, Gemini, and Kimi-K2 AI Models Free WormGPT Variant Leveraging DeepSeek, Gemini, and Kimi-K2 AI Models Cyber Security News
10 Malicious npm Packages with Auto-Run Feature on Install Deploys Multi-Stage Credential Harvester 10 Malicious npm Packages with Auto-Run Feature on Install Deploys Multi-Stage Credential Harvester Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Critical Vulnerability in Claude Extension Exposes Google Data
  • Adobe Releases Critical Security Updates for ColdFusion
  • LabubaRAT Disguises as NVIDIA Software to Infiltrate Systems
  • Turkish Banks Hit by Extensive Phishing and Scam Ads
  • Pentera Enhances AI Security with Validation Engines

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Critical Vulnerability in Claude Extension Exposes Google Data
  • Adobe Releases Critical Security Updates for ColdFusion
  • LabubaRAT Disguises as NVIDIA Software to Infiltrate Systems
  • Turkish Banks Hit by Extensive Phishing and Scam Ads
  • Pentera Enhances AI Security with Validation Engines

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark