VulnerabilityCIS Advisories
9.5 — CRITICAL
Oracle Quarterly Critical Patches Issued April 21, 2026
Multiple vulnerabilities have been discovered in Oracle products, the most severe of which could allow for remote code execution. Successful exploitation of the most severe of these vulnerabilities could result in an attacker gaining the same privileges as the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
🤖 AI BriefingAuto-generated threat analysis
🔍Threat Overview
Multiple vulnerabilities have been discovered in Oracle products, with the most severe allowing for remote code execution and potentially leading to an attacker gaining administrative user rights. There are currently no reports of these vulnerabilities being exploited in the wild.
⚙️Technical Details
Affected Systems
JD Edwards EnterpriseOne ToolsManagement Cloud EngineMySQL ClusterMySQL ConnectorsMySQL Enterprise BackupMySQL ServerMySQL ShellMySQL WorkbenchOracle Access ManagerOracle Adapter for Eclipse RDF4JOracle Agile Product Lifecycle Management for ProcessOracle Application Development Framework (ADF)Oracle Application ExpressOracle Application Testing SuiteOracle Autonomous Health FrameworkOracle AutoVueOracle Banking BranchOracle Banking Cash ManagementOracle Banking Collections and RecoveryOracle Banking Corporate LendingOracle Banking Credit Facilities Process ManagementOracle Banking Liquidity ManagementOracle Banking OriginationOracle Banking PaymentsOracle Banking Supply Chain FinanceOracle Banking Trade FinanceOracle Banking Trade Finance Process ManagementOracle Banking Virtual Account ManagementOracle BI PublisherOracle Blockchain PlatformOracle Business Activity MonitoringOracle Business Intelligence Enterprise EditionOracle Business Process Management SuiteOracle Commerce Guided SearchOracle Communications Billing and Revenue ManagementOracle Communications BRM - Elastic Charging EngineOracle Communications Cloud Native Core Binding Support FunctionOracle Communications Cloud Native Core Certificate ManagementOracle Communications Cloud Native Core ConsoleOracle Communications Cloud Native Core DBTierOracle Communications Cloud Native Core Network Exposure FunctionOracle Communications Cloud Native Core Network Function Cloud Native EnvironmentOracle Communications Cloud Native Core Network Repository FunctionOracle Communications Cloud Native Core Network Slice Selection FunctionOracle Communications Cloud Native Core PolicyOracle Communications Cloud Native Core Security Edge Protection ProxyOracle Communications Cloud Native Core Service Communication ProxyOracle Communications Cloud Native Core Unified Data RepositoryOracle Communications ConvergenceOracle Communications EAGLEOracle Communications EAGLE Application ProcessorOracle Communications EAGLE Element Management SystemOracle Communications EAGLE LNP Application ProcessorOracle Communications Element ManagerOracle Communications Instant Messaging ServerOracle Communications LSMSOracle Communications Messaging ServerOracle Communications Network IntegrityOracle Communications Offline Mediation ControllerOracle Communications Operations MonitorOracle Communications Order and Service ManagementOracle Communications Performance Intelligence CenterOracle Communications Policy ManagementOracle Communications Service Catalog and DesignOracle Communications Session Border ControllerOracle Communications Session Report ManagerOracle Communications Unified AssuranceOracle Communications Unified Inventory ManagementOracle Configuration ManagerOracle Data IntegratorOracle Database ServerOracle DocumakerOracle E-Business Suite
Attack Vectors
Remote code executionPrivilege escalation
💥Impact Assessment
Severity: Critical
Who Is at Risk
Users with administrative user rights on affected systems, particularly those in finance and banking sectors.
🛡️Recommended Actions
1Apply patches to all Oracle products immediately
2Monitor system logs for suspicious activity
3Implement additional security controls, such as intrusion detection systems
📦Affected Products
Jd Edwards Enterpriseone Tools: TrueManagement Cloud Engine: TrueMysql Cluster: TrueMysql Connectors: TrueMysql Enterprise Backup: TrueMysql Server: TrueMysql Shell: TrueMysql Workbench: TrueOracle Access Manager: TrueOracle Adapter For Eclipse Rdf4J: TrueOracle Agile Product Lifecycle Management For Process: TrueOracle Application Development Framework (Adf): TrueOracle Application Express: TrueOracle Application Testing Suite: TrueOracle Autonomous Health Framework: TrueOracle Autovue: TrueOracle Banking Branch: TrueOracle Banking Cash Management: TrueOracle Banking Collections And Recovery: TrueOracle Banking Corporate Lending: TrueOracle Banking Credit Facilities Process Management: TrueOracle Banking Liquidity Management: TrueOracle Banking Origination: TrueOracle Banking Payments: TrueOracle Banking Supply Chain Finance: TrueOracle Banking Trade Finance: TrueOracle Banking Trade Finance Process Management: TrueOracle Banking Virtual Account Management: TrueOracle Bi Publisher: TrueOracle Blockchain Platform: TrueOracle Business Activity Monitoring: TrueOracle Business Intelligence Enterprise Edition: TrueOracle Business Process Management Suite: TrueOracle Commerce Guided Search: TrueOracle Communications Billing And Revenue Management: TrueOracle Communications Brm - Elastic Charging Engine: TrueOracle Communications Cloud Native Core Binding Support Function: TrueOracle Communications Cloud Native Core Certificate Management: TrueOracle Communications Cloud Native Core Console: TrueOracle Communications Cloud Native Core Dbtier: TrueOracle Communications Cloud Native Core Network Exposure Function: TrueOracle Communications Cloud Native Core Network Function Cloud Native Environment: TrueOracle Communications Cloud Native Core Network Repository Function: TrueOracle Communications Cloud Native Core Network Slice Selection Function: TrueOracle Communications Cloud Native Core Policy: TrueOracle Communications Cloud Native Core Security Edge Protection Proxy: TrueOracle Communications Cloud Native Core Service Communication Proxy: TrueOracle Communications Cloud Native Core Unified Data Repository: TrueOracle Communications Convergence: TrueOracle Communications Eagle: TrueOracle Communications Eagle Application Processor: TrueOracle Communications Eagle Element Management System: TrueOracle Communications Eagle Lnp Application Processor: TrueOracle Communications Element Manager: TrueOracle Communications Instant Messaging Server: TrueOracle Communications Lsms: TrueOracle Communications Messaging Server: TrueOracle Communications Network Integrity: TrueOracle Communications Offline Mediation Controller: TrueOracle Communications Operations Monitor: TrueOracle Communications Order And Service Management: TrueOracle Communications Performance Intelligence Center: TrueOracle Communications Policy Management: TrueOracle Communications Service Catalog And Design: TrueOracle Communications Session Border Controller: TrueOracle Communications Session Report Manager: TrueOracle Communications Unified Assurance: TrueOracle Communications Unified Inventory Management: TrueOracle Configuration Manager: TrueOracle Data Integrator: TrueOracle Database Server: TrueOracle Documaker: TrueOracle E-Business Suite: True
Read the full article
This is a curated summary. The complete article is available at CIS Advisories.