High Threat Security Alert (A26-05-46): Multiple Vulnerabilities in Oracle Products (May 2026)


 

Published on: 29 May 2026

Description:

Oracle has released the Critical Security Patch Update Advisory with collections of patches for multiple security vulnerabilities found in various Oracle products. The list of security updates can be found at:
https://www.oracle.com/security-alerts/cspumay2026.html

Reports indicated that proof-of-concept (PoC) exploit codes for multiple vulnerabilities (CVE-2025-15467, CVE-2025-58050, CVE-2026-2332 and CVE-2026-25646) are available. System administrators are advised to take immediate action to patch your affected systems to mitigate the elevated risk of cyber attacks.

 

Affected Systems:

  • Database
  • Fusion Applications and Middleware

A complete list of the affected products can be found at:

https://www.oracle.com/security-alerts/cspumay2026.html

 

Impact:

Successful exploitation of the vulnerabilities could lead to remote code execution, denial of service, information disclosure or tampering on an affected system.

 

Recommendation:

Patches for affected systems are available. Users of the affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

Users could also access the security advisory below for the information about the security updates of other Oracle products:
https://www.oracle.com/security-alerts/cspumay2026.html

Users may contact their product support vendors for the fixes and assistance.

 

More Information:

  • https://www.oracle.com/security-alerts/cspumay2026.html
  • https://www.hkcert.org/security-bulletin/oracle-products-multiple-vulnerabilities_20260529
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58050
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2332
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24308
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25646
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33557
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34059
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34311
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34487
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35266
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35277
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41044
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-46775
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-46817 (to CVE-2026-46824)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-46826 (to CVE-2026-46830)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-46833 (to CVE-2026-46835)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-46837
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-46839 (to CVE-2026-46843)


Tag: Oracle , Oracle Database , Fusion
Tags