January 2026 Critical Patch Update Released

January 20, 2026 1 minute read

Oracle today released the January 2026 Critical Patch Update.

This Critical Patch Update provides security updates for a wide range of product families: Oracle Database Server, Oracle APEX, Oracle Essbase, Oracle GoldenGate, Oracle Graph Server and Client, Oracle NoSQL Database, Oracle Secure Backup, Oracle Zero Data Loss Recovery Appliance, Oracle Commerce, Oracle Communications, Oracle Construction and Engineering, Oracle E-Business Suite, Oracle Enterprise Manager, Oracle Financial Services Applications, Oracle Fusion Middleware, Oracle Analytics, Oracle Health Sciences Applications, Oracle HealthCare Applications, Oracle Hospitality Applications, Oracle Hyperion, Oracle Java SE, Oracle JD Edwards, Oracle MySQL, Oracle PeopleSoft, Oracle Retail Applications, Oracle Siebel CRM, Oracle Supply Chain, Oracle Systems, Oracle Utilities Applications, Oracle Virtualization.

For more information about the January 2026 Critical Patch Update, customers should refer to the Critical Patch Update advisory located at https://oracle.com/security-alerts/cpujan2026.html and the executive summary published on My Oracle Support (Doc ID CPU3).

For more information about the Critical Patch Update program, see the security vulnerability remediation practices page located on the Oracle Trust Center.

Integrated Cyber Center (ICC)

Oracle’s Integrated Cyber Center (ICC) serves as the enterprise hub for orchestrating Oracle’s global incident response, customer trust, and strategic security communications. By unifying people, processes, and intelligence across the organization, the ICC ensures Oracle operates as one enterprise with one voice—protecting customers, strengthening transparency, and driving continuous evolution of our collective security posture.

January 2026 Critical Patch Update Released

Authors

Integrated Cyber Center (ICC)

Preparing for Post Quantum Cryptography