vulnerability
Oracle PeopleTools: CVE-2026-35273: Enterprise PeopleTools Vulnerability - Remote Code Execution
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | Jun 11, 2026 | Jun 12, 2026 | Jun 15, 2026 |
Severity
9
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
Jun 11, 2026
Added
Jun 12, 2026
Modified
Jun 15, 2026
Description
This Security Alert addresses a vulnerability (CVE-2026-35273) in Oracle PeopleSoft PeopleTools. The affected versions include 8.61, 8.62 If successfully exploited, this vulnerability may result in remote code execution. We consider the implementation of recommended mitigations to be a high-priority risk reduction measure and strongly recommend immediate action to address the identified exposure.
Solution
oracle-people-tools-cve-2026-35273-mitigation
References
- CVE-2026-35273
- https://attackerkb.com/topics/CVE-2026-35273
- CWE-306
- https://www.oracle.com/security-alerts/alert-cve-2026-35273.html
- EUVD-EUVD-2026-36199
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-36199
- https://www.rapid7.com/blog/post/etr-active-exploitation-of-oracle-peoplesoft-zero-day-cve-2026-35273/
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.