As a follow-up to our recent post, Accelerating Vulnerability Detection and Response, Oracle is announcing the start date and cadence for monthly Critical Security Patch Updates (CSPUs).
Beginning May 28, 2026, Oracle will deliver a Critical Security Patch Update (CSPU) each month. CSPUs provide targeted fixes for critical vulnerabilities in a smaller, more focused format, allowing customers to address high-priority issues without waiting for the next quarterly release.
CSPUs complement Oracle’s existing quarterly Critical Patch Updates (CPUs):
- Monthly CSPUs deliver timely, high-priority fixes for critical issues
- Quarterly CPUs remain cumulative, including all fixes released in prior CSPUs
This approach enables customers in customer-managed environments to reduce exposure by applying critical fixes sooner, without waiting for the next quarterly cycle.
After the initial May release, CSPUs will follow a monthly cadence aligned to the third Tuesday of each month, consistent with Oracle’s established security release model.
Upcoming Security Release Dates
Date Release Type
May 28, 2026 CSPU
June 16, 2026 CSPU
July 21, 2026 CPU
August 18, 2026 CSPU
Customers using Oracle-managed cloud services continue to receive security updates automatically as part of the service. Maintaining supported versions and applying updates promptly remains one of the most effective ways to reduce security risk.
Learn more in our recent post, Accelerating Vulnerability Detection and Response at Oracle.