PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-35288 Oracle Corporation CVE debrief

A high-severity vulnerability was discovered in PeopleSoft Enterprise PT PeopleTools, affecting versions 8.61 and 8.62. The vulnerability allows high-privileged attackers with logon access to compromise the system, potentially impacting additional products. The vulnerability has a CVSS 3.1 Base Score of 8.2, indicating high confidentiality, integrity, and availability impacts. The CVSS Vector is CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H. Organizations should prioritize patching this vulnerability to prevent potential system compromise.

Vendor
Oracle Corporation
Product
PeopleSoft Enterprise PT PeopleTools
CVSS
HIGH 8.2
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-17
Original CVE updated
2026-06-24
Advisory published
2026-06-17
Advisory updated
2026-06-24

Who should care

Organizations using PeopleSoft Enterprise PT PeopleTools versions 8.61 and 8.62 should prioritize patching this vulnerability to prevent potential system compromise. Affected operators, platforms, vulnerability-management, and security teams should review the vulnerability and implement necessary mitigations.

Technical summary

The vulnerability is located in the Deployment Package component of PeopleSoft Enterprise PT PeopleTools. It has a CVSS 3.1 Base Score of 8.2, indicating high confidentiality, integrity, and availability impacts. The CVSS Vector is CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H. The vulnerability allows high-privileged attackers with logon access to compromise the system, potentially impacting additional products.

Defensive priority

High

Recommended defensive actions

  • Apply the vendor-provided patch from Oracle Corporation
  • Conduct thorough inventory checks to identify affected systems
  • Implement compensating controls to monitor and restrict access to critical systems
  • Review and update incident response plans to address potential exploitation
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented
  • Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance

Evidence notes

The CVE record was published on 2026-06-17T10:40:21.013Z and last modified on 2026-06-24T19:58:25.950Z. The NVD entry is currently Analyzed. The vulnerability affects PeopleSoft Enterprise PT PeopleTools versions 8.61 and 8.62, with a high CVSS score of 8.2. The vulnerability allows high-privileged attackers with logon access to compromise the system, potentially impacting additional products. Evidence is limited to public sources and may not reflect the full scope of the vulnerability.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:40:21.013Z and has not been modified since then. The NVD entry is currently Analyzed.