CVE-2026-35273 – PeopleSoft Enterprise PeopleTools
“A vulnerable management interface can turn a business platform into an attacker-controlled system.”
Oracle patched CVE-2026-35273 in PeopleSoft Enterprise PeopleTools. This vulnerability affects the Updates Environment Management component in supported versions 8.61 and 8.62. An unauthenticated attacker with network access over HTTP can exploit the vulnerability to compromise PeopleSoft Enterprise PeopleTools. The CVSS score is 9.8, which is Critical severity.
Successful exploitation can result in complete takeover of the affected PeopleSoft Enterprise PeopleTools environment, with high impact to confidentiality, integrity, and availability. The vulnerability requires no authentication and no user interaction. Active exploitation has been reported.
Key Details
- Affected Product
- Oracle Peoplesoft Enterprise Peopletools
- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- None
- User Interaction
- None
- CWE Classification
- CWE-306