Oracle, a leading software provider, has announced the release of its Critical Security Patch Update (CSPU) for June 2026. This marks the second monthly update since the company initiated a more frequent patching schedule to better address severe vulnerabilities.
Expanded Monthly Security Updates
The software giant has maintained its quarterly Critical Patch Updates but has supplemented these with monthly patches to promptly address critical security issues. The latest CSPU introduces 245 new patches across various products, including Communications, E-Business Suite, and Fusion Middleware.
Notably, approximately 120 of these vulnerabilities have been categorized as ‘critical’ based on their Common Vulnerability Scoring System (CVSS) scores. Alarmingly, 100 of these issues can be remotely exploited without authentication, posing significant risks to unpatched systems.
Focus on Critical Vulnerabilities
The update brings attention to Oracle Fusion Middleware, which received over 100 patches, the majority of which are rated as ‘critical’ or ‘high’ severity. Oracle emphasizes the importance of applying these patches promptly to mitigate potential exploitation risks.
In its advisory, Oracle highlighted that some customers have suffered successful attacks due to delays in applying available patches, underscoring the necessity of timely updates. However, Oracle has not reported any zero-day vulnerabilities being actively exploited in this release.
Specific Threats and Recommendations
Security firms have identified the ShinyHunters cybercrime group as exploiting a flaw in Oracle PeopleSoft, designated as CVE-2026-35273. The targeted attacks reportedly impacted over 100 organizations, particularly in the education sector.
Oracle has advised users to apply the patch for CVE-2026-35273, although its public documentation does not confirm active exploitation in the wild. The June advisory mentions the vulnerability but lacks details on current attacks.
As cybersecurity threats continue to evolve, Oracle remains committed to enhancing its security measures. Users are strongly encouraged to stay updated with the latest patches to safeguard their systems against potential threats.
