Oracle has released the first security fixes in its new monthly Critical Security Patch Update (CSPU) cycle, designed to address urgent vulnerabilities that can’t wait for the company’s quarterly patching. The initial batch addresses 35 flaws, including several for which exploit code is publicly available.
In total, there are 11 flaws rated ‘critical’, 18 rated ‘high’, and 6 ‘medium’. The most important on paper are 10 critically-rated flaws, including those affecting Oracle REST Data Services (CVE-2026-46840, CVE-2026-46775, CVE-2026-46839), Oracle E-Business Suite (CVE-2026-46822), the Oracle Universal Work Queue portal (CVE-2026-46824), and Oracle Payments (CVE-2026-46817).
Despite the hi...