heise PlusAbo
Anzeige

Update flood: Oracle releases 337 patches for January CPU

Oracle releases bundled security updates quarterly. In January, Oracle delivers 337 updates for the Critical Patch Update.

listen Print view
Oracle logo with update in front of a white background

(Image: heise medien)

2 min. read
Security
By

IT managers need to roll up their sleeves: Oracle has released a total of 337 new security patches for the “Critical Patch Update” (CPU) called patch day in January 2026. They close security vulnerabilities in 122 products from the company's portfolio.

In the security advisory for the January CPU, Oracle lists the 122 affected products and versions. IT managers should act quickly with the provided updates, especially concerning security vulnerabilities that developers classify as critical risks. Vulnerabilities of such severity are found in:

  • Oracle Commerce Guided Search
  • Oracle Communications Order and Service Management
  • Oracle Communications Operations Monitor
  • Primavera Unifier
  • Oracle Banking Branch
  • Oracle Banking Cash Management
  • Oracle Banking Corporate Lending Process Management
  • Oracle Banking Liquidity Management
  • Oracle Banking Supply Chain Finance
  • Oracle Business Process Management Suite
  • Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in
  • Oracle Middleware Common Libraries and Tools
  • Oracle Business Process Management Suite
  • Oracle Data Integrator
  • Oracle Fusion Middleware
  • Oracle Outside In Technology
  • Oracle HTTP Server
  • Oracle Business Intelligence Enterprise Edition
  • Oracle Health Sciences Information Manager
  • Oracle Hyperion Infrastructure Technology
  • MySQL Server
  • PeopleSoft Enterprise PeopleTools
  • Siebel CRM Cloud Applications
  • Oracle Agile Product Lifecycle Management for Process
  • Oracle AutoVue Office

Videos by heise

Oracle: Numerous security leaks with high risk

Many products also have high-risk vulnerabilities that narrowly miss being classified as critical risks. Among them are some popular products like Oracle VM VirtualBox, which alone has eleven high-risk vulnerabilities. IT admins should therefore review Oracle's overview to see if they are using any vulnerable products and schedule the patches promptly.

Previously, an Oracle patch day took place in October 2025. There, the company even addressed security leaks in its software with 374 software fixes. The next “Admin Action Day” with Oracle updates is planned for April 21, 2026.

(dmk)

Don't miss any news – follow us on Facebook, LinkedIn or Mastodon.

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.

Beliebte Bestenlisten

Alle Angebote
Newsletter heise-Bot heise-Bot Push Nachrichten Push Push-Nachrichten