Oracle Corporation announced the release of its April 2026 Critical Patch Update (CPU) on Wednesday, delivering 481 security fixes to address vulnerabilities across 28 distinct product families. This quarterly release represents a significant security maintenance event for the company’s global customer base, focusing on mitigating risks associated with unauthorized access and remote code execution.

According to the official advisory, over 300 of the addressed vulnerabilities are classified as remotely exploitable without requiring user credentials. This category of flaw is considered high-risk, as it allows attackers to compromise systems over a network without valid login information. The update includes patches for a wide range of Oracle’s flagship products, including the Oracle Database, Fusion Middleware, and the E-Business Suite.

Oracle Communications received a substantial portion of the fixes, with 85 new security patches, 57 of which address vulnerabilities that are remotely exploitable without authentication. Oracle Financial Services Applications followed with 63 new patches, while Oracle Fusion Middleware saw 52 updates. Other affected product lines include Oracle MySQL with 40 patches, Oracle Retail Applications with 32, and Oracle Health Sciences with 28.

The advisory highlighted several vulnerabilities with high Common Vulnerability Scoring System (CVSS) ratings. For instance, Oracle Fusion Middleware includes fixes for flaws with CVSS scores as high as 9.8, indicating critical severity. Oracle Java SE also received 12 new security patches, all of which address vulnerabilities that can be exploited remotely without authentication. The breadth of the update covers both legacy systems and modern cloud-integrated applications.

Oracle’s security team emphasized the importance of timely patching in the accompanying documentation. The company stated that it continues to receive reports of attempts to exploit vulnerabilities for which Oracle has already released fixes. Oracle strongly recommends that customers apply the April 2026 updates without delay to maintain the integrity and security of their environments. The company further advised that customers remain on actively supported versions to ensure they receive future security updates.

This CPU follows the January 2026 update and is part of Oracle's established quarterly release cycle. The company noted that some of the vulnerabilities addressed in this cycle affect multiple products, particularly those utilizing shared components like the Oracle Common Libraries and Tools. The next Critical Patch Update is scheduled for release on July 14, 2026.