PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-35278 Oracle Corporation CVE debrief

A critical vulnerability was found in PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft, specifically in the Performance Monitor component. The vulnerability affects versions 8.61 and 8.62, allowing unauthenticated attackers with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools, potentially leading to a takeover. This vulnerability has a CVSS 3.1 Base Score of 9.8, indicating a critical severity level with high impacts on confidentiality, integrity, and availability. Organizations should verify the integrity of their PeopleSoft Enterprise PT PeopleTools installations and review relevant logs for potential exploitation. Evidence is limited to public sources and may not reflect the full scope or impact of the vulnerability.

Vendor
Oracle Corporation
Product
PeopleSoft Enterprise PT PeopleTools
CVSS
CRITICAL 9.8
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-17
Original CVE updated
2026-06-24
Advisory published
2026-06-17
Advisory updated
2026-06-24

Who should care

Organizations using PeopleSoft Enterprise PT PeopleTools versions 8.61 and 8.62 should prioritize patching this vulnerability. The vulnerability's high CVSS score of 9.8 indicates a critical risk, with potential impacts on confidentiality, integrity, and availability.

Technical summary

The vulnerability is located in the Performance Monitor component of PeopleSoft Enterprise PT PeopleTools. It has a CVSS 3.1 Base Score of 9.8, indicating a critical severity level. The CVSS Vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, showing that the vulnerability can be exploited over the network without authentication, leading to high impacts on confidentiality, integrity, and availability.

Defensive priority

High

Recommended defensive actions

  • Apply the patches provided by Oracle Corporation as soon as possible.
  • Implement compensating controls such as network segmentation or access restrictions.
  • Monitor for any suspicious activity related to PeopleSoft Enterprise PT PeopleTools.
  • Review and update incident response plans to address potential exploitation.
  • Verify the integrity of PeopleSoft Enterprise PT PeopleTools installations.

Evidence notes

The CVE record was published on 2026-06-17T10:40:20.083Z and was last modified on 2026-06-24T20:00:29.293Z. The NVD entry is currently Analyzed. The vulnerability details are based on the official CVE and NVD sources. Evidence is limited to public sources and may not reflect the full scope or impact of the vulnerability. Defenders should verify the integrity of PeopleSoft Enterprise PT PeopleTools installations and review relevant logs for potential exploitation.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:40:20.083Z and has not been modified since then. The NVD entry is currently Analyzed.