Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Management). Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Published: 2026-06-18
Oracle’s Critical Security Patch Update (CSPU) for June 2026, its second CSPU, addresses 243 CVEs, including 122 critical updates.
https://www.oracle.com/security-alerts/alert-cve-2026-35273.html
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-35273
https://thehackernews.com/2026/06/oracle-e-business-suite-flaw-cve-2026.html
https://www.securityweek.com/oracles-second-monthly-security-updates-deliver-245-patches/
https://cyberscoop.com/oracle-peoplesoft-zero-day-vulnerability-shinyhunters-extortion/
https://thehackernews.com/2026/06/shinyhunters-exploits-oracle-peoplesoft.html
Published: 2026-06-11
Updated: 2026-06-12
Known Exploited Vulnerability (KEV)
Base Score: 10
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Severity: Critical
Base Score: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: Critical
EPSS: 0.9233
Tenable Research has classified this CVE under the following Vulnerability Watch classification, which includes active and historical (inactive) classifications. You can learn more about these classifications on our blog.
Vulnerability of Interest