Oracle May 2026 Critical Security Patch Update Addresses 35 CVEs

Oracle's May 2026 Critical Security Patch Update (CSPU) addresses 35 CVEs across five product families, including 11 critical, 18 high, and 6 medium severity issues; Oracle E-Business Suite (12 patches) and Oracle REST Data Services (11 patches) are the most affected, with several vulnerabilities exploitable remotely without authentication. Tenable recommends applying the published patches and will publish detection plugins to identify affected systems.