THREAT OPS › CVEs › CVE-2026-35273
CVE-2026-35273 — Oracle PeopleSoft Enterprise PeopleTools Missing Authentication for Critical Function Vulnerability
Oracle PeopleSoft Enterprise PeopleTools contains a missing authentication for critical function vulnerability which could allow an unauthenticated attacker to obtain takeover of PeopleSoft Enterprise PeopleTools.
Vulnerability details
- Affected products PeopleSoft Enterprise PeopleTools
- KEV remediation due2026-06-15
Related reporting
- ZDI-26-387: Oracle PeopleSoft HttpListeningConnector Server-Side Request Forgery Vulnerabilityzdi_published
- ZDI-26-388: Oracle PeopleSoft HubMBeanPersistance Deserialization of Untrusted Data Remote Code Execution Vulnerabilityzdi_published
- ZDI-26-389: Oracle PeopleSoft ExecuteProcessActivityCommand External Control of File Path Remote Code Execution Vulnerabilityzdi_published
- Oracle June 2026 Critical Security Patch Update Addresses 243 CVEs (CVE-2026-35273)tenable
- [CISA KEV] CVE-2026-35273 — Oracle PeopleSoft Enterprise PeopleTools: Oracle PeopleSoft Enterprise PeopleTools Missing Authentication for Critical Function Vulnerabilitycisa_kev
- ShinyHunters Targets Education Sector with Oracle PeopleSoft Exploitmandiant_gti
- June 2026 CVE Landscaperecordedfuture
- Active Exploitation of Oracle PeopleSoft Zero-Day (CVE-2026-35273)rapid7
- 15th June – Threat Intelligence Reportcheckpoint_research