CVE-2026-35273: Oracle PeopleSoft Suite

What is CVE-2026-35273?

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Management). Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

CVSS9.8 NVD 3.1

SeverityCRITICAL

ExploitationNo exploitation reported

EPSS<1% · P7

Triage statusNo Known Exploit

ActionPatch within 48 hours

CVSS vectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWECWE-306

NVD published2026-06-11

NVD last modified2026-06-11

Affected product

Oracle PeopleSoft Suite

Remediation Steps

Apply the critical security patch released by Oracle immediately
Verify all PeopleSoft systems are updated before re-enabling internet exposure
Monitor access logs for indicators of prior compromise during the May 27 – June 10 exploitation window
Review telemetry and data access logs for unauthorized activity

References

Coverage on defend.network

Vulnerability Priority Report – Week 2 of June 2026 (June 8 – 14)
Critical: Oracle PeopleSoft Zero-Day, Windows BitLocker Bypass, Gentlemen Ransomware (2026-06-12)

🤖 This CVE page is generated by defend.network from NVD, CISA KEV, EPSS, and our verified daily briefings. Severity and exploitation data come from official sources; always verify remediation steps against the official vendor advisory before acting in production.

What is CVE-2026-35273?

Affected product

Remediation Steps

References

Coverage on defend.network

Get Critical CVE Alerts