Zero Day Monitor (ZDM)
CVE-2026-35273 · CVSS 9.8 · KEV · EXPLOITED · PATCHED
oracle · peoplesoft_enterprise_peopletools

CVE-2026-35273: Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Mana

Description

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Management). Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Affected Products

Vendor | Product | Versions
oracle | peoplesoft_enterprise_peopletools | 8.61, 8.62

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor | Product | Source | Confidence
oracle | peoplesoft | cert_advisory | 90%

References

  • https://www.oracle.com/security-alerts/alert-cve-2026-35273.html (vendor-advisory)

Related News (15 articles)

Tier D · Ars Technica Security · 18h ago
PeopleSoft 0-day affecting hundreds of organizations steals gigabytes of data
→ No new info (linked only)

Tier C · Rapid7 Blog · 1d ago
Active Exploitation of Oracle PeopleSoft Zero-Day (CVE-2026-35273)
→ No new info (linked only)

Tier D · CSO Online · 1d ago
Oracle PeopleSoft zero‑day fuels ShinyHunters extortion spree
→ No new info (linked only)

Tier D · SecurityWeek · 1d ago
Google Confirms Exploitation of Oracle PeopleSoft Zero-Day by ShinyHunters
→ No new info (linked only)

Tier E · Hacker News · 1d ago
ShinyHunters hacked 100 orgs by exploiting an Oracle PeopleSoft 0-day
→ No new info (linked only)

Tier B · CERT-FR · 1d ago
Vulnerability in Oracle PeopleSoft (June 12, 2026)
→ No new info (linked only)

Tier D · The Hacker News · 1d ago
ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities
→ No new info (linked only)

Tier D · BleepingComputer · 1d ago
Oracle mitigates PeopleSoft zero-day exploited in data theft attacks
→ No new info (linked only)

Tier C · Mandiant Blog · 2d ago
ShinyHunters Targets Education Sector with Oracle PeopleSoft Exploit
→ No new info (linked only)

Tier D · SecurityWeek · 2d ago
Oracle Addresses PeopleSoft Vulnerability Amid Reports of Zero-Day Attacks
→ No new info (linked only)

Tier B · CCCS Canada · 2d ago
Oracle security advisory (AV26-587)
→ No new info (linked only)

Tier D · Help Net Security · 2d ago
Oracle PeopleSoft servers under attack, Oracle pushes out-of-band security alert
→ No new info (linked only)

Tier B · BSI Advisories · 2d ago
[NEW] [high] Oracle PeopleSoft: Vulnerability allows unspecified attack
→ No new info (linked only)

Tier D · Heise Security · 2d ago
Oracle issues out-of-band warning about critical PeopleSoft code-injection flaw
→ No new info (linked only)

Tier C · VulDB · 2d ago
CVE-2026-35273 | Oracle PeopleSoft Enterprise PeopleTools 8.61/8.62 Updates Environment Management Remote Code Execution
→ No new info (linked only)

CVSS 3.1: 9.8 CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA KEV: ✅ Yes
Actively exploited: ✅ Yes
Patch available: https://www.oracle.com/security-alerts/alert-cve-2026-35273.html
Published: Jun 11, 2026
Last enriched: 18h ago (v13)
Tags: critical, remote code execution, zero-day, extortion, data breach, data leak, server-side request forgery, ransomware
Trending Score: 149
Source articles: 15
Independent: 14
Info Completeness: 11/14
Missing: epss, cwe, mitre_attack

Related CVEs (5)

HIGH · CVE-2026-22016 · Trending: 20
CVE-2026-22016: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE

MEDIUM · CVE-2026-22021 · Trending: 18
CVE-2026-22021: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE

MEDIUM · CVE-2026-22013 · EXP · Trending: 16
CVE-2026-22013: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE

CRITICAL · CVE-2026-46833 · Trending: 16
CVE-2026-46833: Vulnerability in the Net Service component of Oracle Database Server. Supported versions that are affected are 23.4.0-2

LOW · CVE-2026-22018 · EXP · Trending: 15
CVE-2026-22018: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

Jun 11, 2026 · CVE Published
Jun 11, 2026 · Added to CISA KEV
Jun 11, 2026 · Discovered by ZDM
Jun 11, 2026 · Updated: description
Jun 11, 2026 · Updated: tags
Jun 11, 2026 · Updated: affectedVersions, exploitAvailable, activelyExploited
Jun 11, 2026 · Updated: description, iocs, tags
Jun 11, 2026 · Updated: description
Jun 11, 2026 · Updated: iocs
Jun 11, 2026 · Updated: iocs
Jun 11, 2026 · Updated: description, cweIds, tags
Jun 12, 2026 · Updated: description, tags
Jun 12, 2026 · Updated: description, iocs
Jun 12, 2026 · Updated: description, cweIds, iocs, tags
Jun 12, 2026 · Updated: tags
Jun 13, 2026 · Actively Exploited
Jun 13, 2026 · Exploit Available
Jun 13, 2026 · Patch Available

Version History

v13 · Tier D · 18h ago
Updated description with details on exploitation by the ShinyHunters group, added new IoCs, and included new tags related to ransomware and extortion.
Updated: tags
via Ars Technica Security

v12 · Tier C · 1d ago
Added CWE-918 for server-side request forgery, updated description with new technical details, and included new IoCs and tags.
Updated: description, cweIds, iocs, tags
via Rapid7 Blog

v11 · Tier D · 1d ago
Updated description with detailed exploitation methods and added a new IOC for the command and control server.
Updated: description, iocs
via CSO Online

v10 · Tier D · 1d ago
Updated description with detailed exploitation information, noted that patches do not appear to be available, and added new IoCs and tags related to the exploitation.
Updated: description, tags
via SecurityWeek

v9 · Tier D · 1d ago
Updated description with details about the ShinyHunters extortion campaign and added new CWE and tags.
Updated: description, cweIds, tags
via The Hacker News

v8 · Tier D · 1d ago
Updated description with details on unauthenticated remote code execution and added new IoCs and a new tag for zero-day.
Updated: iocs
via BleepingComputer

v7 · Tier C · 1d ago
Updated description with detailed technical information about the exploitation campaign and added new IoCs including five IP addresses and a domain.
Updated: iocs
via Mandiant Blog

v6 · Tier B · 1d ago
Updated description with new details about exploitation in the wild and clarified that no patch is available.
Updated: description
via CCCS Canada

v5 · Tier D · 2d ago
Updated description with details on mitigations and zero-day attacks, and added new IOC and tags related to the ShinyHunters group.
Updated: description, iocs, tags
via SecurityWeek

v4 · Tier D · 2d ago
Updated exploit status to actively exploited and added information about potentially affected earlier versions.
Updated: affectedVersions, exploitAvailable, activelyExploited
via Help Net Security

v3 · Tier D · 2d ago
Marked exploit as available and actively exploited, and added new tags related to the vulnerability.
Updated: tags
via Heise Security

v2 · Tier C · 2d ago
Updated description with new technical details and clarified that no exploit is available.
Updated: description
via VulDB

v1 · 2d ago
Initial creation