By Ionut Arghire
Publication Date: 2026-04-22 08:41:00
Oracle on Tuesday announced the release of 481 new security patches as part of its April 2026 Critical Patch Update (CPU).
Across the 28 product families that received security updates, more than 300 patches address vulnerabilities that can be exploited remotely without authentication. About three dozen fixes address security flaws of critical severity.
Currently there appear to be around 450 unique CVEs listed Oracle CPU Page. Approximately 240 are included in the risk matrix tables, but additional CVEs and third-party issues that were not exploitable in Oracle’s products were also resolved.
In some cases, the same CVE was patched in multiple products. For some products, Oracle did not release new security patches for exploitable vulnerabilities, but instead rolled out third-party patches.
Oracle Communications received the most security patches this month with 139, including 93 for vulnerabilities that can be exploited remotely without…



