PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-35276 Oracle Corporation CVE debrief

A vulnerability was discovered in PeopleSoft Enterprise PT PeopleTools, affecting versions 8.61 and 8.62. This difficult-to-exploit vulnerability allows unauthenticated attackers with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools, potentially leading to a takeover. The vulnerability has a CVSS 3.1 Base Score of 8.1, indicating high confidentiality, integrity, and availability impacts. The CVSS vector is CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H. Organizations should prioritize patching this vulnerability to prevent potential takeovers.

Vendor
Oracle Corporation
Product
PeopleSoft Enterprise PT PeopleTools
CVSS
HIGH 8.1
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-17
Original CVE updated
2026-06-24
Advisory published
2026-06-17
Advisory updated
2026-06-24

Who should care

Organizations using PeopleSoft Enterprise PT PeopleTools versions 8.61 and 8.62 should prioritize patching this vulnerability to prevent potential takeovers. Security teams and vulnerability management teams should review the CVSS score and vector to understand the severity of the vulnerability. Operators and administrators of PeopleSoft Enterprise PT PeopleTools should review the affected scope and implement compensating controls if necessary.

Technical summary

The vulnerability, CVE-2026-35276, is located in the Application Server component of PeopleSoft Enterprise PT PeopleTools. It has a CVSS 3.1 Base Score of 8.1, indicating high confidentiality, integrity, and availability impacts. The CVSS vector is CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H. The vulnerability allows unauthenticated attackers with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools. Successful attacks can result in takeover of PeopleSoft Enterprise PT PeopleTools.

Defensive priority

High

Recommended defensive actions

  • Apply the vendor-provided patches for PeopleSoft Enterprise PT PeopleTools versions 8.61 and 8.62.
  • Implement compensating controls such as network segmentation and access restrictions.
  • Monitor for suspicious activity and implement logging and auditing.
  • Verify the integrity of PeopleSoft Enterprise PT PeopleTools installations.
  • Consider vulnerability scanning and penetration testing to identify potential weaknesses.
  • Review relevant monitoring, detection, and logs for exposed assets that need extra review.
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented.

Evidence notes

The CVE record was published on 2026-06-17T10:40:19.873Z and last modified on 2026-06-24T20:01:05.013Z. The NVD entry is currently Analyzed. This information is based on the NVD entry and the CVE record. The vulnerability affects PeopleSoft Enterprise PT PeopleTools versions 8.61 and 8.62. The CVSS score is 8.1, indicating high severity. The vector is CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H. There is no evidence of exploitation in the wild, but defenders should verify the integrity of their PeopleSoft Enterprise PT PeopleTools installations.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:40:19.873Z and has not been modified since then. The NVD entry is currently Analyzed.