Oracle Issues Critical Security Patch for High-Severity Vulnerability

Oracle released its January 2026 Critical Patch Update (CPU). The CPU includes 337 new security patches across its product families.

The update fixes CVE-2026-21962, a critical vulnerability. This vulnerability affects Oracle HTTP Server and WebLogic Server Proxy Plug-in. It received the highest possible severity score: 10 out of 10 on the Common Vulnerability Scoring System (CVSS).

Successful exploitation allows an unauthenticated remote attacker to gain full access to the vulnerable product. Attackers could create, delete, or modify sensitive data. Oracle strongly recommends customers apply the security patches without delay, noting that attackers have successfully exploited previously patched vulnerabilities when customers failed to apply them.

Related News

Developers Pressure Oracle to Cede Control of MySQL Amid AI-Era Stagnation Fears

Oracle Stock Rises on Hedge Fund Buying and Tech Sector Recovery

Oracle stock rises in pre-market trading amid broader tech recovery and upcoming earnings catalyst

Oracle Shares Slide 3.9% as AI Debt and Fraud Lawsuits Cloud Growth Outlook

🔴 ORCL is trading 3.06% down today tracking a broader NASDAQ and large-cap tech slump