Oracle has released its January 2026 Critical Patch Update to address multiple vulnerabilities across Java SE,
High Threat Security Alert (A26-01-15): Multiple Vulnerabilities in Oracle Java and Oracle Products (Jan 2026) Published on: 21 January 2026 Description: Oracle has released the Critical Patch Update (CPU) Advisory with collections of patches for multiple security vulnerabilities found in Java SE and various Oracle products. The list of security updates can be found at: https://www.oracle.com/security-alerts/cpujan2026.html Reports indicated that a remote code execution vulnerability (CVE-2025-27363) is being exploited in the wild and indicated that proof-of-concept (PoC) exploit codes for multiple vulnerabilities (CVE-2024-57699, CVE-2025-4949, CVE-2025-6021, CVE-2025-7425, CVE-2025-25193, CVE-2025-26791, CVE-2025-30065, CVE-2025-47219, CVE-2025-53864, CVE-2025-54571, CVE-2025-54874, CVE-2025-59419, CVE-2025-65018, CVE-2025-66516 and CVE-2025-67735) are available. System administrators are advised to take immediate action to patch your affected systems to mitigate the elevated risk of cyber attacks. Affected Systems: Oracle Java SE Database Fusion Applications and Middleware Oracle MySQL Product Suite NoSQL Database Oracle and Sun Systems Products Suite Oracle Linux and Virtualization A complete list of the affected products can be found at: https://www.oracle.com/security-alerts/cpujan2026.html Impact: Successful exploitation of the vulnerabilities could lead to remote code execution, denial of service, elevation of privilege, information disclosure, security restriction bypass or tampering on an affected system. Recommendation: Patches for affected systems are available. Users of the affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk. For Oracle Java SE products, please refer to the following link: Java Platform SE 8u471 (JDK and JRE) Java Platform SE 11.0.29 (JDK and JRE) Java Platform SE 17.0.17 (JDK and JRE) Java Platform SE 21.0.9 (JDK and JRE) Java Platform SE 25.0.1 (JDK and JRE) https://www.oracle.com/java/technologies/javase-downloads.html For OpenJDK, please refer to the following link: https://jdk.java.net Users could also access the security advisory below for the information about the security updates of other Oracle products: https://www.oracle.com/security-alerts/cpujan2026.html Users may contact their product support vendors for the fixes and assistance. More Information: https://www.oracle.com/security-alerts/cpujan2026.html https://www.hkcert.org/security-bulletin/oracle-products-multiple-vulnerabilities_20260121 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23926 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33813 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43113 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23395 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41342 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45047 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29081 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12133 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13009 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23807 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42516 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43204 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46901 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47252 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47554 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52046 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56406 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57699 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4575 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4949 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5115 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5318 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5987 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6021 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6052 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7425 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7962 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8194 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8916 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9900 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12183 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12383 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22228 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23048 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-25193 https://cve.mitre.org/cgi-bin/cvename.cgi