PatchSiren cyber security CVE debrief
CVE-2026-35273 Oracle Corporation CVE debrief
CVE-2026-35273 is a Missing Authentication for Critical Function Vulnerability in Oracle PeopleSoft Enterprise PeopleTools. This vulnerability was published on 2026-06-12 and has been added to the CISA Known Exploited Vulnerabilities (KEV) catalog.
- Vendor
- Oracle Corporation
- Product
- PeopleSoft Enterprise PeopleTools
- CVSS
- CRITICAL 9.8
- CISA KEV
- Listed
- Original CVE published
- 2026-06-12
- Original CVE updated
- 2026-06-12
- Advisory published
- 2026-06-12
- Advisory updated
- 2026-06-12
Who should care
Administrators and users of Oracle PeopleSoft Enterprise PeopleTools should be aware of this vulnerability and take necessary actions to mitigate it.
Technical summary
The vulnerability is caused by a missing authentication for a critical function in Oracle PeopleSoft Enterprise PeopleTools.
Defensive priority
High
Recommended defensive actions
- Apply mitigations in accordance with vendor instructions
- Ensure compliance with CISA's BOD 26-04 Prioritizing Security Updates Based on Risk guidance
- Follow CISA's Forensics Triage Requirements
Evidence notes
This vulnerability has been added to the CISA Known Exploited Vulnerabilities (KEV) catalog, indicating that it is being actively exploited.
Official resources
-
CVE-2026-35273 CVE record
CVE.org
-
CVE-2026-35273 NVD detail
NVD
-
CISA Known Exploited Vulnerabilities catalog
CISA - Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see
-
Source item URL
cisa_kev
CVE-2026-35273 was published on 2026-06-12. The CISA Known Exploited Vulnerabilities (KEV) catalog lists this vulnerability as being actively exploited and provides a due date of 2026-06-15 for applying mitigations.