Critical Vulnerability in Oracle PeopleSoft Enterprise PeopleTools
12 June 2026
Oracle has released security updates to address a critical vulnerability in Oracle PeopleSoft Enterprise PeopleTools that could allow unauthenticated attackers to perform remote code execution and fully compromise the affected system. Patch immediately.
Background
Oracle has released security updates to address a critical vulnerability (CVE-2026-35273) affecting the Updates Environment Management component of Oracle PeopleSoft Enterprise PeopleTools. The vulnerability has a Common Vulnerability Scoring System (CVSS v3.1) score of 9.8 out of 10.
Impact
Due to missing authentication for a critical function in Oracle PeopleSoft Enterprise PeopleTools Updates Environment Management, an unauthenticated attacker with network access via HTTP could send specially crafted requests to achieve remote code execution (RCE), potentially leading to full system compromise.
Known Exploitation
This vulnerability is reportedly being actively exploited in the wild.
Affected Products
The vulnerability affects Oracle PeopleSoft Enterprise PeopleTools versions 8.61 and 8.62.
Recommendation
Users and administrators of affected products are advised to update to the latest version immediately.
References
https://www.oracle.com/security-alerts/alert-cve-2026-35273.html
https://nvd.nist.gov/vuln/detail/CVE-2026-35273
https://thehackernews.com/2026/06/shinyhunters-exploits-oracle-peoplesoft.html
