← ExploitWatch
HomeExploited Vulnerabilities

CVE-2026-35273 — Actively Exploited: PeopleSoft Enterprise PeopleTools (Oracle)

Oracle PeopleSoft Enterprise PeopleTools contains a missing authentication for critical function vulnerability which could allow an unauthenticated attacker to obtain takeover of PeopleSoft Enterprise PeopleTools.

CVE IDCVE-2026-35273
VendorOracle
ProductPeopleSoft Enterprise PeopleTools
Vulnerability nameOracle PeopleSoft Enterprise PeopleTools Missing Authentication for Critical Function Vulnerability
Date added2026-06-12
Remediation due2026-06-15
Known ransomware useKnown
Required actionApply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discon
DescriptionOracle PeopleSoft Enterprise PeopleTools contains a missing authentication for critical function vulnerability which could allow an unauthenticated attacker to obtain takeover of PeopleSoft Enterprise PeopleTools.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →