PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-35271 Oracle Corporation CVE debrief

A high-severity vulnerability was discovered in PeopleSoft Enterprise PT PeopleTools, affecting versions 8.61 and 8.62. This vulnerability, tracked as CVE-2026-35271, has a CVSS 3.1 Base Score of 8.7, indicating a high level of risk. The vulnerability is difficult to exploit and allows an unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools. Successful attacks can result in unauthorized creation, deletion, or modification access to critical data or all PeopleSoft Enterprise PT PeopleTools accessible data, as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise PT PeopleTools accessible data.

Vendor
Oracle Corporation
Product
PeopleSoft Enterprise PT PeopleTools
CVSS
HIGH 8.7
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-17
Original CVE updated
2026-06-24
Advisory published
2026-06-17
Advisory updated
2026-06-24

Who should care

Organizations using PeopleSoft Enterprise PT PeopleTools versions 8.61 and 8.62 should prioritize patching this vulnerability to prevent potential attacks. The vulnerability's high CVSS score and potential impact on critical data make it essential for security teams to take immediate action.

Technical summary

The vulnerability is located in the Weblogic component of PeopleSoft Enterprise PT PeopleTools. It has a CVSS Vector of (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N), indicating a high level of risk. The vulnerability allows an unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools, potentially leading to unauthorized access or modification of critical data.

Defensive priority

High

Recommended defensive actions

  • Apply the latest security patches for PeopleSoft Enterprise PT PeopleTools versions 8.61 and 8.62
  • Implement network access controls to restrict HTTP access to PeopleSoft Enterprise PT PeopleTools
  • Monitor PeopleSoft Enterprise PT PeopleTools systems for suspicious activity
  • Conduct regular vulnerability assessments and penetration testing to identify potential weaknesses
  • Verify that PeopleSoft Enterprise PT PeopleTools versions 8.61 and 8.62 are properly configured and up-to-date
  • Review and update incident response plans to address potential attacks on PeopleSoft Enterprise PT PeopleTools
  • Track and analyze network traffic to detect potential exploitation attempts

Evidence notes

The CVE record was published on 2026-06-17T10:40:19.343Z and was last modified on 2026-06-24T20:02:40.640Z. The NVD entry is currently Analyzed. The vulnerability has a CVSS 3.1 Base Score of 8.7, indicating a high level of risk.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:40:19.343Z and has not been modified since then. The NVD entry is currently Analyzed.