[CIVN-2026-0307] Remote Code Execution Vulnerability in Oracle PeopleSoft Enterprise PeopleTools
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256
Remote Code Execution Vulnerability in Oracle PeopleSoft Enterprise PeopleTools
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: CRITICAL
Software Affected
Oracle PeopleSoft Enterprise PeopleTools versions 8.61 and 8.62
Overview
A vulnerability has been reported in Oracle PeopleSoft Enterprise PeopleTools, which may allow a remote attacker to execute arbitrary code on the targeted system.
Target Audience:
All end-user organizations and individuals using Oracle PeopleSoft Enterprise PeopleTools.
Risk Assessment:
High risk of unauthorized access, remote system takeover, and compromise of affected PeopleSoft environments.
Impact Assessment:
Potential for complete system takeover, unauthorized access to sensitive information, data theft, and disruption of services.
Description
Oracle PeopleSoft Enterprise PeopleTools is a framework used by Oracle PeopleSoft applications for application development, system administration and runtime services.
This vulnerability exists in the Updates Environment Management component of Oracle PeopleSoft Enterprise PeopleTools. An unauthenticated attacker with network access via HTTP can compromise affected PeopleSoft Enterprise PeopleTools instances.
Successful exploitation of this vulnerability may allow a remote attacker to execute arbitrary code on the targeted system.
Note: This vulnerability is being actively exploited in the wild. Users are strongly advised to apply the latest patches immediately.
Solution
Apply appropriate security updates and mitigations as mentioned in
https://www.oracle.com/security-alerts/alert-cve-2026-35273.html
Vendor Information
Oracle
https://www.oracle.com/security-alerts/alert-cve-2026-35273.html
References
https://www.oracle.com/security-alerts/alert-cve-2026-35273.html
https://www.bleepingcomputer.com/news/security/oracle-mitigates-peoplesoft-zero-day-exploited-in-data-theft-attacks/
CVE Name
CVE-2026-35273
– —
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
—–BEGIN PGP SIGNATURE—–
iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmotSosACgkQ3jCgcSdc
ys+IHQ//d7awiNs9gc+d9CCET59A7M3HCApC0IclmQrE39tR0mPDB0WTOtwYnuoJ
1PRe4hou3GJvc6e7ImyxTHuZTJVlz9rnvw4/6IELUWOVk6mwHq7a1dZ1Z2pn1Hh6
KN8ovid1yeJBRf27fgY3WCj6CDHfSXC03JnKZNTU/LgKANiIA+KWAp+/0YQ/ilj7
/yKl84PLF/iuGmvJY20xDJJMBS3i591EpAjFzaNTrqHeN3yPzjDs72trAYwV0Net
XHEGQtWHuHjyvA5YtJKBBeEI6m4hptJXN/hUDQqsOoxytRciPAoqT/Le9rAxcgGN
+rMewfTod08dDuvwO9Hayr/j2RPo4bh5Ea/xlyARW767g5KuM6BE5NQxaEC2yP1w
Zuf93zKr/xwbFiG25RrlDJ41I3oMUR/xatTMWSnR3awB08pbj5JSz4Jz0QDTmxHK
mSCqNj/IZW+2ChWEMBOnRjET+wBzLoeCXKYoEvzhKLpNgpJLWg4PHkDitWrRiKOm
rRf5hwarAI+MnMj4S2EXPAMnXWb36Gv2PdRyCcOwTnc0DTOC4ULuY2wHXpa+93qd
dDjlKPVfDF4SHI9VKLmmf93stbsYsts9KkgtFpFVWWmzRnoi2fPqq0+lYo/XbxyY
RBplqI3tZ+7oJuANFyCbi55/n4qwZGCXtYQs8SqMNzHGd0/vTZ4=
=q4tc
—–END PGP SIGNATURE—–
