• Category: Security
  • Status: confirmed
  • Sources: Oracle Security Alert, Oracle security blog
  • Summary: Oracle published Security Alert CVE-2026-35273 on 2026-06-11. The flaw is in the Updates Environment Management component of PeopleSoft Enterprise PeopleTools versions 8.61 and 8.62. An unauthenticated attacker with HTTP access can achieve full remote code execution. CVSS 3.1 base score is 9.8.
  • Why it matters: Internet-exposed PeopleTools instances at affected versions face complete compromise risk; Oracle recommends immediate patching.

Send feedback on this story