PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-35274 Oracle Corporation CVE debrief

A vulnerability was discovered in PeopleSoft Enterprise PT PeopleTools, affecting versions 8.61 and 8.62. This vulnerability allows an unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools, potentially leading to unauthorized access to critical data or complete access to all PeopleSoft Enterprise PT PeopleTools accessible data, as well as unauthorized update, insert or delete access to some of PeopleSoft Enterprise PT PeopleTools accessible data. The CVSS 3.1 Base Score is 8.2, indicating a high severity vulnerability.

Vendor
Oracle Corporation
Product
PeopleSoft Enterprise PT PeopleTools
CVSS
HIGH 8.2
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-17
Original CVE updated
2026-06-24
Advisory published
2026-06-17
Advisory updated
2026-06-24

Who should care

Organizations using PeopleSoft Enterprise PT PeopleTools versions 8.61 and 8.62 should prioritize patching this vulnerability to prevent potential unauthorized access to sensitive data. This includes reviewing relevant monitoring, detection, and logs for exposed assets that need extra review, and tracking exceptions, retesting remediated assets, and closing the item only after evidence is documented.

Technical summary

The vulnerability, with a CVSS 3.1 Base Score of 8.2, is caused by a weakness in the Deployment Package component of PeopleSoft Enterprise PT PeopleTools. An unauthenticated attacker with network access via HTTP can exploit this vulnerability. Successful attacks can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PT PeopleTools accessible data, as well as unauthorized update, insert or delete access to some of PeopleSoft Enterprise PT PeopleTools accessible data.

Defensive priority

High

Recommended defensive actions

  • Apply the patches provided by Oracle Corporation for PeopleSoft Enterprise PT PeopleTools versions 8.61 and 8.62.
  • Implement compensating controls, such as monitoring and exception tracking, to detect potential exploitation attempts.
  • Conduct inventory checks to ensure that all instances of PeopleSoft Enterprise PT PeopleTools are updated with the latest patches.
  • Review relevant monitoring, detection, and logs for exposed assets that need extra review.
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented.
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.
  • Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance.

Evidence notes

The CVE record was published on 2026-06-17T10:40:19.663Z and was last modified on 2026-06-24T20:01:37.550Z. The NVD entry is currently Analyzed. This information is based on the NVD entry and the CVE record. The vulnerability affects PeopleSoft Enterprise PT PeopleTools versions 8.61 and 8.62. The CVSS 3.1 Base Score is 8.2, indicating a high severity vulnerability. The vulnerability allows an unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:40:19.663Z and has not been modified since then. The NVD entry is currently Analyzed.