PatchSiren cyber security CVE debrief
CVE-2026-35274 Oracle Corporation CVE debrief
A vulnerability was discovered in PeopleSoft Enterprise PT PeopleTools, affecting versions 8.61 and 8.62. This vulnerability allows an unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools, potentially leading to unauthorized access to critical data or complete access to all PeopleSoft Enterprise PT PeopleTools accessible data, as well as unauthorized update, insert or delete access to some of PeopleSoft Enterprise PT PeopleTools accessible data. The CVSS 3.1 Base Score is 8.2, indicating a high severity vulnerability.
- Vendor
- Oracle Corporation
- Product
- PeopleSoft Enterprise PT PeopleTools
- CVSS
- HIGH 8.2
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-17
- Original CVE updated
- 2026-06-24
- Advisory published
- 2026-06-17
- Advisory updated
- 2026-06-24
Who should care
Organizations using PeopleSoft Enterprise PT PeopleTools versions 8.61 and 8.62 should prioritize patching this vulnerability to prevent potential unauthorized access to sensitive data. This includes reviewing relevant monitoring, detection, and logs for exposed assets that need extra review, and tracking exceptions, retesting remediated assets, and closing the item only after evidence is documented.
Technical summary
The vulnerability, with a CVSS 3.1 Base Score of 8.2, is caused by a weakness in the Deployment Package component of PeopleSoft Enterprise PT PeopleTools. An unauthenticated attacker with network access via HTTP can exploit this vulnerability. Successful attacks can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PT PeopleTools accessible data, as well as unauthorized update, insert or delete access to some of PeopleSoft Enterprise PT PeopleTools accessible data.
Defensive priority
High
Recommended defensive actions
- Apply the patches provided by Oracle Corporation for PeopleSoft Enterprise PT PeopleTools versions 8.61 and 8.62.
- Implement compensating controls, such as monitoring and exception tracking, to detect potential exploitation attempts.
- Conduct inventory checks to ensure that all instances of PeopleSoft Enterprise PT PeopleTools are updated with the latest patches.
- Review relevant monitoring, detection, and logs for exposed assets that need extra review.
- Track exceptions, retest remediated assets, and close the item only after evidence is documented.
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.
- Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance.
Evidence notes
The CVE record was published on 2026-06-17T10:40:19.663Z and was last modified on 2026-06-24T20:01:37.550Z. The NVD entry is currently Analyzed. This information is based on the NVD entry and the CVE record. The vulnerability affects PeopleSoft Enterprise PT PeopleTools versions 8.61 and 8.62. The CVSS 3.1 Base Score is 8.2, indicating a high severity vulnerability. The vulnerability allows an unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools.
Official resources
-
CVE-2026-35274 CVE record
CVE.org
-
CVE-2026-35274 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:40:19.663Z and has not been modified since then. The NVD entry is currently Analyzed.