Description:
Oracle has released the Critical Security Patch Update Advisory with collections of patches for multiple security vulnerabilities found in various Oracle products. The list of security updates can be found at:
https://www.oracle.com/security-alerts/cspujun2026.html
Reports indicated that proof-of-concept (PoC) exploit code is available for an information disclosure vulnerability (CVE-2025-70873). System administrators are advised to take immediate action to patch your affected systems to mitigate the elevated risk of cyber attacks.
Affected Systems:
- Fusion Applications and Middleware
- Oracle MySQL Product Suite
- Oracle and Sun Systems Products Suite
A complete list of the affected products can be found at:
https://www.oracle.com/security-alerts/cspujun2026.html
Impact:
Successful exploitation of the vulnerabilities could lead to remote code execution, denial of service, elevation of privilege, information disclosure, security restriction bypass or tampering on an affected system.
Recommendation:
Patches for affected systems are available. Users of the affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.
Users could also access the security advisory below for the information about the security updates of other Oracle products:
https://www.oracle.com/security-alerts/cspujun2026.html
Users may contact their product support vendors for the fixes and assistance.
More Information:
- https://www.oracle.com/security-alerts/cspujun2026.html
- https://www.hkcert.org/security-bulletin/oracle-products-multiple-vulnerabilities_20260617
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-70873
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34481
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35233
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35258 (to CVE-2026-35259)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35261 (to CVE-2026-35263)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35265
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35267 (to CVE-2026-35272)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35274 (to CVE-2026-35276)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35278 (to CVE-2026-35286)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35288 (to CVE-2026-35289)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35291 (to CVE-2026-35296)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35298 (to CVE-2026-35327)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-46765 (to CVE-2026-46774)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-46776 (to CVE-2026-46810)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-46812 (to CVE-2026-46816)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-46825
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-46832
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-46838
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-46844 (to CVE-2026-46875)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-46877 (to CVE-2026-46916)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-46918 (to CVE-2026-46922)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-46925 (to CVE-2026-46935)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-46937 (to CVE-2026-46940)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-46942
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-46944 (to CVE-2026-46947)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-46949 (to CVE-2026-46953)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-46955 (to CVE-2026-46967)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-46969 (to CVE-2026-46974)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-46976 (to CVE-2026-46979)
