PatchSiren cyber security CVE debrief
CVE-2026-35288 Oracle Corporation CVE debrief
A high-severity vulnerability was discovered in PeopleSoft Enterprise PT PeopleTools, affecting versions 8.61 and 8.62. The vulnerability allows high-privileged attackers with logon access to compromise the system, potentially impacting additional products. The vulnerability has a CVSS 3.1 Base Score of 8.2, indicating high confidentiality, integrity, and availability impacts. The CVSS Vector is CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H. Organizations should prioritize patching this vulnerability to prevent potential system compromise.
- Vendor
- Oracle Corporation
- Product
- PeopleSoft Enterprise PT PeopleTools
- CVSS
- HIGH 8.2
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-17
- Original CVE updated
- 2026-06-24
- Advisory published
- 2026-06-17
- Advisory updated
- 2026-06-24
Who should care
Organizations using PeopleSoft Enterprise PT PeopleTools versions 8.61 and 8.62 should prioritize patching this vulnerability to prevent potential system compromise. Affected operators, platforms, vulnerability-management, and security teams should review the vulnerability and implement necessary mitigations.
Technical summary
The vulnerability is located in the Deployment Package component of PeopleSoft Enterprise PT PeopleTools. It has a CVSS 3.1 Base Score of 8.2, indicating high confidentiality, integrity, and availability impacts. The CVSS Vector is CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H. The vulnerability allows high-privileged attackers with logon access to compromise the system, potentially impacting additional products.
Defensive priority
High
Recommended defensive actions
- Apply the vendor-provided patch from Oracle Corporation
- Conduct thorough inventory checks to identify affected systems
- Implement compensating controls to monitor and restrict access to critical systems
- Review and update incident response plans to address potential exploitation
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
- Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance
Evidence notes
The CVE record was published on 2026-06-17T10:40:21.013Z and last modified on 2026-06-24T19:58:25.950Z. The NVD entry is currently Analyzed. The vulnerability affects PeopleSoft Enterprise PT PeopleTools versions 8.61 and 8.62, with a high CVSS score of 8.2. The vulnerability allows high-privileged attackers with logon access to compromise the system, potentially impacting additional products. Evidence is limited to public sources and may not reflect the full scope of the vulnerability.
Official resources
-
CVE-2026-35288 CVE record
CVE.org
-
CVE-2026-35288 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:40:21.013Z and has not been modified since then. The NVD entry is currently Analyzed.