PatchSiren cyber security CVE debrief
CVE-2026-35271 Oracle Corporation CVE debrief
A high-severity vulnerability was discovered in PeopleSoft Enterprise PT PeopleTools, affecting versions 8.61 and 8.62. This vulnerability, tracked as CVE-2026-35271, has a CVSS 3.1 Base Score of 8.7, indicating a high level of risk. The vulnerability is difficult to exploit and allows an unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools. Successful attacks can result in unauthorized creation, deletion, or modification access to critical data or all PeopleSoft Enterprise PT PeopleTools accessible data, as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise PT PeopleTools accessible data.
- Vendor
- Oracle Corporation
- Product
- PeopleSoft Enterprise PT PeopleTools
- CVSS
- HIGH 8.7
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-17
- Original CVE updated
- 2026-06-24
- Advisory published
- 2026-06-17
- Advisory updated
- 2026-06-24
Who should care
Organizations using PeopleSoft Enterprise PT PeopleTools versions 8.61 and 8.62 should prioritize patching this vulnerability to prevent potential attacks. The vulnerability's high CVSS score and potential impact on critical data make it essential for security teams to take immediate action.
Technical summary
The vulnerability is located in the Weblogic component of PeopleSoft Enterprise PT PeopleTools. It has a CVSS Vector of (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N), indicating a high level of risk. The vulnerability allows an unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools, potentially leading to unauthorized access or modification of critical data.
Defensive priority
High
Recommended defensive actions
- Apply the latest security patches for PeopleSoft Enterprise PT PeopleTools versions 8.61 and 8.62
- Implement network access controls to restrict HTTP access to PeopleSoft Enterprise PT PeopleTools
- Monitor PeopleSoft Enterprise PT PeopleTools systems for suspicious activity
- Conduct regular vulnerability assessments and penetration testing to identify potential weaknesses
- Verify that PeopleSoft Enterprise PT PeopleTools versions 8.61 and 8.62 are properly configured and up-to-date
- Review and update incident response plans to address potential attacks on PeopleSoft Enterprise PT PeopleTools
- Track and analyze network traffic to detect potential exploitation attempts
Evidence notes
The CVE record was published on 2026-06-17T10:40:19.343Z and was last modified on 2026-06-24T20:02:40.640Z. The NVD entry is currently Analyzed. The vulnerability has a CVSS 3.1 Base Score of 8.7, indicating a high level of risk.
Official resources
-
CVE-2026-35271 CVE record
CVE.org
-
CVE-2026-35271 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:40:19.343Z and has not been modified since then. The NVD entry is currently Analyzed.