PatchSiren cyber security CVE debrief
CVE-2026-35276 Oracle Corporation CVE debrief
A vulnerability was discovered in PeopleSoft Enterprise PT PeopleTools, affecting versions 8.61 and 8.62. This difficult-to-exploit vulnerability allows unauthenticated attackers with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools, potentially leading to a takeover. The vulnerability has a CVSS 3.1 Base Score of 8.1, indicating high confidentiality, integrity, and availability impacts. The CVSS vector is CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H. Organizations should prioritize patching this vulnerability to prevent potential takeovers.
- Vendor
- Oracle Corporation
- Product
- PeopleSoft Enterprise PT PeopleTools
- CVSS
- HIGH 8.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-17
- Original CVE updated
- 2026-06-24
- Advisory published
- 2026-06-17
- Advisory updated
- 2026-06-24
Who should care
Organizations using PeopleSoft Enterprise PT PeopleTools versions 8.61 and 8.62 should prioritize patching this vulnerability to prevent potential takeovers. Security teams and vulnerability management teams should review the CVSS score and vector to understand the severity of the vulnerability. Operators and administrators of PeopleSoft Enterprise PT PeopleTools should review the affected scope and implement compensating controls if necessary.
Technical summary
The vulnerability, CVE-2026-35276, is located in the Application Server component of PeopleSoft Enterprise PT PeopleTools. It has a CVSS 3.1 Base Score of 8.1, indicating high confidentiality, integrity, and availability impacts. The CVSS vector is CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H. The vulnerability allows unauthenticated attackers with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools. Successful attacks can result in takeover of PeopleSoft Enterprise PT PeopleTools.
Defensive priority
High
Recommended defensive actions
- Apply the vendor-provided patches for PeopleSoft Enterprise PT PeopleTools versions 8.61 and 8.62.
- Implement compensating controls such as network segmentation and access restrictions.
- Monitor for suspicious activity and implement logging and auditing.
- Verify the integrity of PeopleSoft Enterprise PT PeopleTools installations.
- Consider vulnerability scanning and penetration testing to identify potential weaknesses.
- Review relevant monitoring, detection, and logs for exposed assets that need extra review.
- Track exceptions, retest remediated assets, and close the item only after evidence is documented.
Evidence notes
The CVE record was published on 2026-06-17T10:40:19.873Z and last modified on 2026-06-24T20:01:05.013Z. The NVD entry is currently Analyzed. This information is based on the NVD entry and the CVE record. The vulnerability affects PeopleSoft Enterprise PT PeopleTools versions 8.61 and 8.62. The CVSS score is 8.1, indicating high severity. The vector is CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H. There is no evidence of exploitation in the wild, but defenders should verify the integrity of their PeopleSoft Enterprise PT PeopleTools installations.
Official resources
-
CVE-2026-35276 CVE record
CVE.org
-
CVE-2026-35276 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:40:19.873Z and has not been modified since then. The NVD entry is currently Analyzed.