AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

Oracle’s first monthly patch release fixes 35 flaws, including 11 rated ‘critical’

infonews

security

Source: CSO OnlineJune 1, 2026

Summary

Oracle released its first monthly Critical Security Patch Update (CSPU, a new faster patch cycle for urgent fixes that can't wait for quarterly updates) addressing 35 vulnerabilities, including 11 rated critical and several with publicly available exploit code. The most dangerous flaw is CVE-2026-46840 with a perfect CVSS score (a 0-10 severity rating) of 10, which allows unauthenticated attackers to take over Oracle REST Data Services (a gateway that exposes databases through APIs) via HTTPS.

Solution / Mitigation

Oracle stated that the CSPU "provides targeted, high-priority security fixes in a smaller, more focused format, making them easier to apply with minimal disruption." Oracle will release CSPUs on the third Tuesday of each month, with dates scheduled for June 16, July 21, August 18, and September 15. Oracle cloud customers are patched automatically.

Classification

Attack SophisticationModerate

Monthly digest — independent AI security research

Original source: https://www.csoonline.com/article/4179473/oracles-first-monthly-patch-release-fixes-35-flaws-including-11-rated-critical.html

First tracked: June 1, 2026 at 02:00 PM

Classified by LLM (prompt v3) · confidence: 95%