CVE-2026-35273 – PeopleSoft Enterprise PeopleTools

CVSS 9.8 CRITICAL Critical or Zero Day – Immediate Deployment

“A vulnerable management interface can turn a business platform into an attacker-controlled system.”

Oracle patched CVE-2026-35273 in PeopleSoft Enterprise PeopleTools. This vulnerability affects the Updates Environment Management component in supported versions 8.61 and 8.62. An unauthenticated attacker with network access over HTTP can exploit the vulnerability to compromise PeopleSoft Enterprise PeopleTools. The CVSS score is 9.8, which is Critical severity.

Successful exploitation can result in complete takeover of the affected PeopleSoft Enterprise PeopleTools environment, with high impact to confidentiality, integrity, and availability. The vulnerability requires no authentication and no user interaction. Active exploitation has been reported.

Key Details

Affected Product
Oracle Peoplesoft Enterprise Peopletools
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
CWE Classification
CWE-306
Patch this CVE on all your endpoints in under 5 minutes. First 200 endpoints are free forever, scale as needed.