Oracle has released an urgent security update to address a critical remote code execution (RCE) vulnerability, identified as CVE-2026-35273, in its PeopleSoft Enterprise PeopleTools software. This flaw, with a CVSS v3.1 score of 9.8, poses a significant risk to enterprise systems.
The vulnerability exists in the Updates Environment Management component of PeopleSoft PeopleTools and can be exploited remotely over HTTP without authentication or user interaction. Successful exploitation could allow attackers to execute arbitrary code, potentially leading to full system compromise.
Security researchers from TrendAI Zero Day Initiative, including Bobby Gould, Lucas Miller, and Minh Giang, discovered and reported the vulnerability. Their findings indicate that the attack complexity is low, increasing the likelihood of active exploitation attempts. The vulnerability affects PeopleSoft Enterprise PeopleTools versions 8.61 and 8.62. Oracle has also warned that earlier or unsupported versions may be affected, even though they have not been formally tested.
Oracle has released patches and mitigation guidance as part of the Security Alert and strongly recommends immediate action. Organizations should prioritize applying the available updates, restrict external access to PeopleSoft environments, and monitor systems for suspicious activity. Maintaining systems on supported versions is also critical to ensure continued access to security updates.
This issue underscores the ongoing threat posed by unauthenticated RCE vulnerabilities in widely deployed enterprise software. Given PeopleSoft’s role in managing critical business operations such as HR and finance, exploitation of this flaw could have significant operational and data security consequences. Organizations are advised to treat CVE-2026-35273 as a high-priority risk and take swift steps to secure their infrastructure.
As reported by Cyber Security News, this vulnerability highlights the importance of timely patching and proactive security measures in safeguarding enterprise systems against emerging threats.
Organizations should remain vigilant and ensure that their systems are up to date to mitigate potential risks associated with such vulnerabilities.
Source: Cyber Security News