Actively exploited in the wild
Oracle PeopleSoft Enterprise PeopleTools Missing Authentication for Critical Function Vulnerability
Oracle — PeopleSoft Enterprise PeopleTools · Listed in the CISA KEV since 2026-06-12. This indicates confirmed attacks in production environments.
Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
CVE-2026-35273
Critical · CVSS 9.8 · KEV
Exploitation Probability (EPSS): Very high risk, 96th percentile (higher than 96% of all known CVEs)
Summary
Vulnerability in the Updates Environment Management component of the Oracle PeopleSoft PeopleTools product. Versions 8.61 and 8.62 are affected; the flaw is easily exploitable and can lead to system takeover.
Risk Assessment
An unauthenticated attacker with network access via HTTP can easily compromise PeopleSoft Enterprise PeopleTools, posing a serious threat to the confidentiality, integrity, and availability of data.
Recommendation
Update the system to the latest version immediately to mitigate this vulnerability, and implement additional security measures such as restricting access to the system.
Original NVD description (English source)
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Management). Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

