Oracle April 2026 Critical Patch Update Addresses 241 CVEs

DataComm Networks Incorporated, a leader in Cybersecurity partner in the Tampa Bay Area and beyond.
  • Home |
  • Oracle April 2026 Critical Patch Update Addresses 241 CVEs

This post was originally published on this site.

Oracle addresses 241 CVEs in its second quarterly update of 2026 with 481 patches, including 34 critical updates.

Key takeaways:

  1. The second Critical Patch Update (CPU) for 2026 contains fixes for 241 unique CVEs in 481 security updates
     
  2. 34 issues (7.1% of all patches) were assigned a critical severity rating
     
  3. Oracle Communications received the highest number of patches at 139, accounting for 28.9% of all patches
     

Background

On April 21, Oracle released its Critical Patch Update (CPU) for April 2026, the second quarterly update of the year. This CPU contains fixes for 241 unique CVEs in 481 security updates across 28 Oracle product families. Out of the 481 security updates published this quarter, 7.1% of patches were assigned a critical severity. High severity patches accounted for the bulk of security patches at 45.9%, followed by medium severity patches at 44.1%.

This quarter’s update includes 34 critical patches across 22 CVEs.

Severity Issues Patched CVEs
Critical 34 22
High 221 99
Medium 212 107
Low 14 13
Total 481 241

Analysis

This quarter, the Oracle Communications product family contained the highest number of patches at 139, accounting for 28.9% of the total patches, followed by Oracle Financial Services Applications at 75 patches, which accounted for 15.6% of the total patches.

A full breakdown of the patches for this quarter can be seen in the following table, which also includes a count of vulnerabilities that can be exploited over a network without authentication.

Oracle Product Family Number of Patches Remote Exploit without Auth
Oracle Communications 139 93
Oracle Financial Services Applications 75 59
Oracle Fusion Middleware 59 46
Oracle MySQL 34 3
Oracle PeopleSoft 21 7
Oracle E-Business Suite 18 8
Oracle Analytics 15 11
Oracle Retail Applications 15 15
Oracle Siebel CRM 14 13
Oracle Java SE 11 7
Oracle GoldenGate 10 7
Oracle Enterprise Manager 9 8
Oracle Virtualization 9 1
Oracle Database Server 8 4
Oracle Utilities Applications 7 6
Oracle Hyperion 6 4
Oracle Construction and Engineering 4 3
Oracle Life Science Applications 4 3
Oracle Supply Chain 4 2
Oracle Blockchain Platform 3 2
Oracle Commerce 3 2
Oracle JD Edwards 3 3
Oracle Adapter for Eclipse RDF4J 2 2
Oracle Autonomous Health Framework 2 1
Oracle REST Data Services 2 2
Oracle Systems 2 1
Oracle TimesTen In-Memory Database 1 1
Oracle Hospitality Applications 1 1

Solution

Customers are advised to apply all relevant patches in this quarter’s CPU. Please refer to the April 2026 advisory for full details.

Identifying affected systems

A list of Tenable plugins to identify these vulnerabilities will appear here as they’re released. This link uses a search filter to ensure that all matching plugin coverage will appear as it is released.

Get more information

Join Tenable’s Research Special Operations (RSO) Team on Tenable Connect for further discussions on the latest cyber threats.

Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.

Latest posts

Technology Trends
Travis Norris

Update Fatigue: How the relentless pace of software updates is breaking user trust — and what organizations can do about it

Somewhere between the fourteenth update notification of the week and the third forced restart during a critical deadline, something breaks. Not the software — the user. They click “Remind me later.” Then again. And again. Eventually, they stop updating altogether.

This is update fatigue — and it’s quietly becoming one of the most significant and underappreciated vulnerabilities in organizational cybersecurity today.

Read More ⇾
Kofi's Korner - Insights from DataComm's Technical Solutions Team
Kofi's Korner
Kofi Kankam

Kofi’s Korner April 2026

Rising technology costs, evolving cyber threats, and increasingly complex IT environments are forcing organizations to rethink how they plan, protect, and scale their infrastructure. In this edition of Kofi’s Korner, we explore what’s driving today’s unpredictable pricing landscape, how a layered security approach strengthens resilience, and why solutions like SecurShield IDS/IPS are critical in a firewall-first world. Discover practical insights and strategies to help your organization stay secure, compliant, and ahead of what’s next.

Read More ⇾

SecurNOC

Monitor your network devices and view their configuration changes.

SecurPortal

A live look at your events, security event charts and tickets.

Ticketing Portal

Login here to easily add and managed trouble tickets.

Remote Support

Let DataComm remotely access your computer to render aid.