This Critical Security Patch Update released by Oracle in June 2026 addresses 245 security vulnerabilities affecting multiple Oracle Fusion Middleware products and other Oracle software families. The update includes fixes for vulnerabilities identified by numerous CVE identifiers, including CVE-2026-46788 and many others. The advisory emphasizes the importance of applying patches without delay as some vulnerabilities have been exploited due to customers not applying previous patches. The update covers a broad product range including WebLogic Server, WebCenter suite, Identity Manager, Oracle Coherence, Oracle Virtual Directory, Oracle E-Business Suite, MySQL components, PeopleSoft, Siebel, and others. Oracle provides risk matrices and documentation to assist customers in assessing the impact and conditions for exploitation. Workarounds exist but may affect application functionality. No CVSS scores are provided in the advisory, but the volume and critical nature of the patches indicate a high severity level.

The vulnerabilities addressed by this update potentially allow attackers to exploit security weaknesses in widely used Oracle products, which could lead to unauthorized access, data breaches, or disruption of services. Oracle reports that some vulnerabilities have been exploited in the wild, primarily due to customers failing to apply available patches. The broad range of affected products and the number of vulnerabilities (245) indicate a significant security risk if patches are not applied. The advisory does not specify individual vulnerability impacts or exploit techniques but implies critical risk given the urgency of patching.

Oracle strongly recommends that customers apply the June 2026 Critical Security Patch Update immediately to mitigate the vulnerabilities. The patches are designed to be applied with minimal disruption. Until patches are applied, risk may be reduced by blocking network protocols required by potential attacks and by removing unnecessary privileges or access to vulnerable packages from users. However, these workarounds may break application functionality and should be used cautiously. Oracle advises customers to remain on actively supported versions and to apply security patches without delay. Customers should consult the official Oracle advisory and patch documentation for detailed installation instructions and risk matrices.