好的,我现在需要帮用户总结一篇文章的内容,控制在100个字以内。首先,我得仔细阅读用户提供的文章内容,了解其主要信息。 文章主要讲的是甲骨文公司在2026年第二季度的安全更新,修复了241个CVE漏洞,发布了481个补丁,其中34个是关键更新。甲骨文通信产品获得了最多的补丁,占总数的28.9%。背景部分提到这次更新是第二季度的第二次,修复了多个产品的漏洞,并分析了各个产品的补丁数量和严重程度。 接下来,我需要提取关键信息:时间(2026年4月21日)、修复的CVE数量(241)、补丁总数(481)、关键补丁数量(34)、甲骨文通信产品获得最多补丁(139个)。这些信息需要简洁地表达出来。 然后,我要确保总结控制在100字以内,并且直接描述内容,不需要开头语。可能的结构是:时间+修复漏洞数+补丁总数+关键补丁数+甲骨文通信获得最多补丁。 最后,检查是否有遗漏的重要信息,并确保语言流畅、准确。 </think> 甲骨文于2026年4月21日发布第二季度安全更新,修复了241个CVE漏洞并发布481个补丁,其中34个为关键更新。甲骨文通信产品获得最多补丁(139个),占总补丁数的28.9%。 2026-4-21 20:59:27 Author: www.tenable.com(查看原文) 阅读量:10 收藏
April 21, 2026
2 Min Read
Oracle addresses 241 CVEs in its second quarterly update of 2026 with 481 patches, including 34 critical updates.
Key takeaways:
- The second Critical Patch Update (CPU) for 2026 contains fixes for 241 unique CVEs in 481 security updates
- 34 issues (7.1% of all patches) were assigned a critical severity rating
- Oracle Communications received the highest number of patches at 139, accounting for 28.9% of all patches
Background
On April 21, Oracle released its Critical Patch Update (CPU) for April 2026, the second quarterly update of the year. This CPU contains fixes for 241 unique CVEs in 481 security updates across 28 Oracle product families. Out of the 481 security updates published this quarter, 7.1% of patches were assigned a critical severity. High severity patches accounted for the bulk of security patches at 45.9%, followed by medium severity patches at 44.1%.
This quarter's update includes 34 critical patches across 22 CVEs.
| Severity | Issues Patched | CVEs |
|---|---|---|
| Critical | 34 | 22 |
| High | 221 | 99 |
| Medium | 212 | 107 |
| Low | 14 | 13 |
| Total | 481 | 241 |
Analysis
This quarter, the Oracle Communications product family contained the highest number of patches at 139, accounting for 28.9% of the total patches, followed by Oracle Financial Services Applications at 75 patches, which accounted for 15.6% of the total patches.
A full breakdown of the patches for this quarter can be seen in the following table, which also includes a count of vulnerabilities that can be exploited over a network without authentication.
| Oracle Product Family | Number of Patches | Remote Exploit without Auth |
|---|---|---|
| Oracle Communications | 139 | 93 |
| Oracle Financial Services Applications | 75 | 59 |
| Oracle Fusion Middleware | 59 | 46 |
| Oracle MySQL | 34 | 3 |
| Oracle PeopleSoft | 21 | 7 |
| Oracle E-Business Suite | 18 | 8 |
| Oracle Analytics | 15 | 11 |
| Oracle Retail Applications | 15 | 15 |
| Oracle Siebel CRM | 14 | 13 |
| Oracle Java SE | 11 | 7 |
| Oracle GoldenGate | 10 | 7 |
| Oracle Enterprise Manager | 9 | 8 |
| Oracle Virtualization | 9 | 1 |
| Oracle Database Server | 8 | 4 |
| Oracle Utilities Applications | 7 | 6 |
| Oracle Hyperion | 6 | 4 |
| Oracle Construction and Engineering | 4 | 3 |
| Oracle Life Science Applications | 4 | 3 |
| Oracle Supply Chain | 4 | 2 |
| Oracle Blockchain Platform | 3 | 2 |
| Oracle Commerce | 3 | 2 |
| Oracle JD Edwards | 3 | 3 |
| Oracle Adapter for Eclipse RDF4J | 2 | 2 |
| Oracle Autonomous Health Framework | 2 | 1 |
| Oracle REST Data Services | 2 | 2 |
| Oracle Systems | 2 | 1 |
| Oracle TimesTen In-Memory Database | 1 | 1 |
| Oracle Hospitality Applications | 1 | 1 |
Solution
Customers are advised to apply all relevant patches in this quarter's CPU. Please refer to the April 2026 advisory for full details.
Identifying affected systems
A list of Tenable plugins to identify these vulnerabilities will appear here as they're released. This link uses a search filter to ensure that all matching plugin coverage will appear as it is released.
Get more information
Research Special Operations
The Research Special Operations (RSO) team serves as Tenable’s Forward Logistics Element in the threat landscape, providing customers with the analyses and contextualized exposure intelligence required to manage risks to critical business assets. With over 150 years of collective expertise, this hand-picked group of world-class security researchers is united with one mission: to cut through the noise and deliver critical intelligence about the most dangerous cyber threats emerging right now. Uniting the missions of the Tenable Security Response, Zero-Day Research, and Decision Science Operations teams, RSO disseminates timely, accurate, and actionable information about the latest threats and exposures.
Cybersecurity news you can use
Enter your email and never miss timely alerts and security guidance from the experts at Tenable.
如有侵权请联系:admin#unsafe.sh