First Ever Monthly Oracle Database Security Update Released: May 2026 CSPU
Oracle has officially shifted to monthly Critical Security Patch Updates (CSPUs). The very first update (May 2026) is now live, addressing three high-severity CVEs. Are you running Oracle 19c? Good news: you are not affected! Read on for the patch details and download links for Oracle 26ai versions.
Earlier this month, Oracle made a major announcement that changes how DBAs will handle database security: they are transitioning to monthly Critical Security Patch Updates (CSPUs) for database servers. You can read the original strategy announcement on the Oracle blog: Monthly Critical Security Patch Updates (CSPUs) Begin May 28, 2026.
Keeping their promise, the very first monthly CSPU dropped on May 28. (Mark your calendars: the next one is already scheduled for June 16).
You can find the official security alert documentation for the current release here: Oracle Security Alert - CSPU May 2026.
Since our focus is purely on database administration, let's cut through the noise and analyze exactly what this update means for our database servers.
The Big Question: Are You Affected?
The most important takeaway from this release is the version scope. This update only impacts database versions 23.4.0 through 23.26.2.
If your production environments are still running Oracle 19c, you are NOT affected by this specific update! You can breathe a sigh of relief for now.
Vulnerability Details
For those running the affected Oracle 26ai releases, applying this patch is highly recommended. The May 2026 CSPU fixes three high-severity vulnerabilities:
How to Get the Patch
As always, you must have an active Oracle Support contract to download the security fixes.
Log into My Oracle Support (MOS) and navigate directly to the patch details using this link: https://support.oracle.com/support/?documentId=CPU164. Alternatively, you can simply type CPU164 into the MOS Knowledge search bar.
Current Platform Availability and Patch Numbers
Please note that at the time of writing, this update is only available for the Linux x86-64 platform.
Depending on your exact database version, you will need to download the following specific patches:
If you are on version 23.26.2.0.0: Download Patch 39345754
If you are on version 23.6.1.0.0: Download Patch 39345746
Applying security patches regularly is the best way to keep your data safe. With the new monthly cadence, DBAs will need to adapt their patching strategies to keep up with the faster release cycle.
Need Oracle DBA Help?
Managing a new monthly patching cycle can be overwhelming. Please check out our Services page to explore how we can support your business, or feel free to reach out to me directly via the Contact page. We are here to help you make the best strategic decisions for your IT infrastructure.
Explore Topics
Newsletter
Never Miss a Crucial Update
Get the latest Oracle and PostgreSQL scripts, security alerts, and DBAInspect news directly to your inbox.
Spotlight
- Our Featured Tool-
Safely audit your Oracle and PostgreSQL environments with our strictly read-only health check tool.
