Skip to main content
Mallory
Back to intelligence
widely-deployed-product-advisory

Oracle Issues Critical Security Patch Update Across Multiple Product Families

Updated 2d agoFirst seen Jun 16, 20264 sources

Oracle released its June 2026 Critical Security Patch Update, publishing a formal advisory and a related security blog announcing fixes for vulnerabilities across a broad set of enterprise products. The update covers Oracle Communications, Oracle E-Business Suite, Oracle Enterprise Manager, Oracle Fusion Middleware, Oracle JD Edwards, Oracle MySQL, Oracle PeopleSoft, Oracle Siebel CRM, Oracle Supply Chain, Oracle Systems, and Oracle Virtualization.

Oracle directed customers to its Critical Security Patch Update advisory and an executive summary in My Oracle Support for detailed vulnerability information, and pointed organizations to the Oracle Trust Center for background on its remediation practices and patching program. The release signals that enterprises running affected Oracle technologies should review product-specific guidance and apply the relevant security updates as part of their vulnerability management process.

Share:
Oracle Issues Critical Security Patch Update Across Multiple Product Families
Stay ahead

Get ahead of threats like this

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.

Start free trial
EVENT TIMELINE

How this story unfolded

2 events from the most recent confirmed update back to the earliest known activity.

2 EVENTS
Jun 16, 20264d ago

Oracle releases June 2026 Critical Security Patch Update

Oracle released its June 2026 Critical Security Patch Update, delivering security fixes across multiple product families including Oracle Communications, E-Business Suite, Enterprise Manager, Fusion Middleware, JD Edwards, MySQL, PeopleSoft, Siebel CRM, Supply Chain, Systems, and Virtualization.

June 2026 Critical Security Patch Update Released | security
Jun 11, 20269d ago

Oracle publishes June 2026 Critical Patch Update advisory

Oracle published its June 2026 Critical Security Patch Update advisory, providing details on the security fixes included in the release.

Oracle Critical Security Patch Update Advisory - June 2026
LINKED ENTITIES

Related entities

Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.

80 LINKEDOpen in app
Vulnerabilities
40 linked
Unauthenticated RCE in Oracle PeopleSoft PeopleTools Environment Management Hub (PSEMHUB/EMHub)Unauthenticated takeover vulnerability in Oracle ADF FacesUnauthenticated Access Control Bypass in Oracle WebCenter Content SearchApache Log4j Core Socket Appender TLS Hostname Verification BypassUnauthenticated Sensitive Data Exposure in Oracle Agile PLM User and User GroupInformation disclosure in SQLite zipfileInflate via crafted ZIP fileSilent log event loss in Apache Log4j 1-to-Log4j 2 bridge Log4j1XmlLayoutApache Log4j Core XmlLayout XML character sanitization flawApache Log4j Core verifyHostName TLS hostname verification bypassCRLF Log Injection in Apache Log4j Core Rfc5424LayoutInvalid JSON output in Apache Log4j JsonTemplateLayoutUnauthenticated HTTP takeover of Oracle WebLogic Server ConsoleOracle Enterprise Command Center Framework Core takeover vulnerabilityUnauthenticated takeover in Oracle Enterprise Command Center Framework CoreUnauthenticated DoS in Oracle MySQL Server and MySQL Cluster Connection HandlingOracle Enterprise Manager Base Platform Metadata Plugin takeover vulnerabilityOracle Enterprise Manager Base Platform Metadata Plugin takeover vulnerabilityOracle Enterprise Command Center Framework Core HTTP VulnerabilityOracle Universal Work Queue Work Provider Site Level Administration takeover vulnerabilityUnauthenticated HTTP takeover of Oracle Coherence CoreOracle Enterprise Manager Base Platform Target Management takeover vulnerabilityOracle Solaris Remote Administration Daemon unauthenticated HTTPS compromiseOracle Applications Manager Internal Operations HTTP takeover vulnerabilityOracle VM VirtualBox Shared Folders data access/modification vulnerabilityUnauthenticated HTTP takeover of Oracle MySQL RouterDenial of Service in Oracle MySQL Router via TLSUnauthenticated HTTP takeover vulnerability in Oracle Coherence Centralized Third Party JarsOracle Enterprise Manager Base Platform Discovery Framework takeover vulnerabilityUnauthenticated takeover in Oracle PeopleSoft PeopleTools Performance MonitorOracle Universal Work Queue Work Provider Site Level Administration takeover vulnerabilityUnauthenticated takeover vulnerability in Oracle WebLogic Server ConsoleUnauthenticated HTTP takeover in Oracle Enterprise Manager Base Platform Oracle Management ServiceUnauthenticated takeover vulnerability in Oracle WebCenter Portal Security FrameworkUnauthorized data access/modification in Oracle PeopleSoft Enterprise PT PeopleTools WebLogic componentUnauthenticated RMI takeover in Oracle WebCenter Enterprise Capture Client BundleUnauthenticated takeover vulnerability in Oracle Agile PLM 9.3.6Takeover vulnerability in Oracle VM VirtualBox CoreOracle Enterprise Command Center Framework Core compromise via HTTPSOracle Process Manufacturing Product Development Internal Operations takeover vulnerabilityOracle Enterprise Command Center Framework Core HTTP vulnerability
Threat actors
1 linked
ShinyHunters
Affected products
31 linked
Oracle E-Business SuiteOracle Vm VirtualboxOracle Webcenter SitesOracle Jd Edwards Enterpriseone ToolsOracle Access ManagerOracle Webcenter ContentOracle SolarisOracle Webcenter PortalOracle Identity ManagerOracle Agile PlmOracle Weblogic ServerOracle Communications Network IntegrityOracle CoherenceOracle Unified DirectoryOracle Data IntegratorOracle Virtual DirectoryOracle Webcenter Enterprise CaptureOracle Communications Convergent Charging ControllerOracle Application Development FrameworkOracle Enterprise Manager Base PlatformOracle Communications Network Charging And ControlOracle Mysql ServerOracle Fusion MiddlewareOracle Siebel CrmMysql Ndb ClusterMysql ServerPeoplesoft PeopletoolsMysql ShellMysql ClusterMysqlMysql Router
Organizations
8 linked
OracleTrend MicroSecurityWeekTelecom ItaliaAssetnoteDEVCORENetSPIArmadin
SOURCE COVERAGE

Sources

4 references tracked. Mallory keeps watching after this page renders.

4 SOURCESView all
The operational view lives in Mallory

See the full picture, correlated to your attack surface.

This page covers what’s public. Mallory adds the parts that aren’t — which of your assets are affected, which threat actors are using it right now, which detections to deploy, and what to do next.
Start free trial
Exposure mapping

Map indicators from this story to your assets and identify affected systems in minutes.

Threat actor evidence

Every observed campaign, victim, and pivot linked to actors named in this story.

Associated malware

Malware, exploits, and IOCs connected to the activity described here.

Detection signatures

YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.

Scheduled alerts

Get matching new stories delivered to your team as they break — not the next morning.

AI threads

Ask questions about this story and take action on the answers.