PatchSiren cyber security CVE debrief
CVE-2026-35278 Oracle Corporation CVE debrief
A critical vulnerability was found in PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft, specifically in the Performance Monitor component. The vulnerability affects versions 8.61 and 8.62, allowing unauthenticated attackers with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools, potentially leading to a takeover. This vulnerability has a CVSS 3.1 Base Score of 9.8, indicating a critical severity level with high impacts on confidentiality, integrity, and availability. Organizations should verify the integrity of their PeopleSoft Enterprise PT PeopleTools installations and review relevant logs for potential exploitation. Evidence is limited to public sources and may not reflect the full scope or impact of the vulnerability.
- Vendor
- Oracle Corporation
- Product
- PeopleSoft Enterprise PT PeopleTools
- CVSS
- CRITICAL 9.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-17
- Original CVE updated
- 2026-06-24
- Advisory published
- 2026-06-17
- Advisory updated
- 2026-06-24
Who should care
Organizations using PeopleSoft Enterprise PT PeopleTools versions 8.61 and 8.62 should prioritize patching this vulnerability. The vulnerability's high CVSS score of 9.8 indicates a critical risk, with potential impacts on confidentiality, integrity, and availability.
Technical summary
The vulnerability is located in the Performance Monitor component of PeopleSoft Enterprise PT PeopleTools. It has a CVSS 3.1 Base Score of 9.8, indicating a critical severity level. The CVSS Vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, showing that the vulnerability can be exploited over the network without authentication, leading to high impacts on confidentiality, integrity, and availability.
Defensive priority
High
Recommended defensive actions
- Apply the patches provided by Oracle Corporation as soon as possible.
- Implement compensating controls such as network segmentation or access restrictions.
- Monitor for any suspicious activity related to PeopleSoft Enterprise PT PeopleTools.
- Review and update incident response plans to address potential exploitation.
- Verify the integrity of PeopleSoft Enterprise PT PeopleTools installations.
Evidence notes
The CVE record was published on 2026-06-17T10:40:20.083Z and was last modified on 2026-06-24T20:00:29.293Z. The NVD entry is currently Analyzed. The vulnerability details are based on the official CVE and NVD sources. Evidence is limited to public sources and may not reflect the full scope or impact of the vulnerability. Defenders should verify the integrity of PeopleSoft Enterprise PT PeopleTools installations and review relevant logs for potential exploitation.
Official resources
-
CVE-2026-35278 CVE record
CVE.org
-
CVE-2026-35278 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:40:20.083Z and has not been modified since then. The NVD entry is currently Analyzed.