CVE-2026-35273 — Actively Exploited: PeopleSoft Enterprise PeopleTools (Oracle)
Oracle PeopleSoft Enterprise PeopleTools contains a missing authentication for critical function vulnerability which could allow an unauthenticated attacker to obtain takeover of PeopleSoft Enterprise PeopleTools.
| CVE ID | CVE-2026-35273 |
|---|---|
| Vendor | Oracle |
| Product | PeopleSoft Enterprise PeopleTools |
| Vulnerability name | Oracle PeopleSoft Enterprise PeopleTools Missing Authentication for Critical Function Vulnerability |
| Date added | 2026-06-12 |
| Remediation due | 2026-06-15 |
| Known ransomware use | Known |
| Required action | Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discon |
| Description | Oracle PeopleSoft Enterprise PeopleTools contains a missing authentication for critical function vulnerability which could allow an unauthenticated attacker to obtain takeover of PeopleSoft Enterprise PeopleTools. |
| Source | CISA Known Exploited Vulnerabilities |
🔍 Search all exploited vulnerabilities →
$1499/mo
Try ExploitWatch →