This advisory covers a Critical Security Patch Update released by Oracle in June 2026, which fixes 245 security vulnerabilities affecting multiple Oracle product families, including Oracle E-Business Suite (versions 12.2.3-12.2.15 and V15, V16) and various other Oracle middleware, database, and application products. The update addresses vulnerabilities in Oracle code and embedded third-party components. Oracle emphasizes the importance of applying these patches without delay, as some vulnerabilities have been targeted in attempted exploits where patches were not applied. The advisory includes a comprehensive risk matrix and scoring based on CVSS v3.1, but detailed technical specifics of individual vulnerabilities are not disclosed. Workarounds such as blocking network protocols or removing unnecessary privileges may reduce risk temporarily but could impact functionality.

The vulnerabilities fixed by this Critical Security Patch Update potentially expose affected Oracle products to security risks that could be exploited if patches are not applied. While no known exploits in the wild have been reported, Oracle has observed attempted malicious exploitation of previously patched vulnerabilities when customers failed to apply updates. The impact varies by vulnerability and product but generally includes risks to confidentiality, integrity, and availability of affected systems.

Oracle strongly recommends that customers apply the June 2026 Critical Security Patch Update patches as soon as possible to mitigate the vulnerabilities. Until patches are applied, risk may be reduced by blocking network protocols required by potential attacks or by removing unnecessary privileges from users. However, these workarounds may disrupt application functionality. Customers should remain on actively supported product versions and follow Oracle's official patch installation instructions. Refer to the Oracle advisory at https://www.oracle.com/security-alerts/cspujun2026.html for detailed patch availability and guidance.