Site icon VMVirtualMachine.com

Oracle’s first 2026 CPU delivers 337 new security patches

Oracle’s first 2026 CPU delivers 337 new security patches

By Ionut Arghire
Publication Date: 2026-01-21 10:46:00

Oracle has released 337 new security patches for over 30 products as part of its first Critical Patch Update (CPU) for 2026.

There appear to be about 230 unique CVEs at Oracle January 2026 CPU advisory.

More than two dozen of the new fixes address critical-severity vulnerabilities, and over 235 patches address vulnerabilities that can be exploited remotely without authentication.

About half a dozen patches address CVE-2025-66516 (CVSS score of 10/10), a critical issue Defect in Apache Tika This could lead to XML External Entity (XXE) injection attacks.

The vulnerability affects three Apache Tika modules and can be exploited by inserting crafted XFA files into PDF documents.

Oracle products that have received patches for the issue include Commerce, Communications, Construction and Engineering, Fusion Middleware and PeopleSoft.

Advertising. Scroll to continue reading.

Once again, Oracle Communications received the largest number of security fixes with 56. Of which 34…

Exit mobile version