- 98/2026
- Critical
Oracle released its critical patch updates for April 2026, including 450 new security patches across multiple affected Oracle and third-party products.
The addressed vulnerabilities could allow the attacker to obtain sensitive information, bypass security restrictions, manipulate data, gain privileges, perform denial-of-service attacks, execute arbitrary code, and gain access to the affected systems.
Sample of the addressed vulnerabilities:
1. Oracle Identity Manager Connector Unauthorized Access Vulnerability (CVE- 2026-34285):
- CVSS: 9.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Data Manipulation
2. Oracle Applications DBA Takeover Vulnerability (CVE-2026-22011):
- CVSS: 7.6
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: High
- User Interaction: Required
- Consequences: Gain Access
It should be highlighted that Oracle is aware that several vulnerabilities are remotely exploitable without authentication.
Vulnerabilities
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.