ORACLE has released its first monthly Critical Security Patch Update (CSPU) addressing 77 vulnerabilities, including 12 critical issues. The CSPU is designed to provide quicker fixes for high-priority vulnerabilities, supplementing the quarterly Critical Patch Update. The May 2026 CSPU includes patches for five products: Database Server, REST Data Services, Communications, E-Business Suite, and Hospitality Applications.
Notably, many of the flaws can be exploited remotely without authentication, and organizations are urged to apply these updates promptly to protect against known threats. Additional CSPUs are scheduled for mid-June, August, and September.