CVE-2026-35273
Description
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Management). Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
In plain language
Act now: CVE-2026-35273 is a critical, internet-reachable PeopleSoft flaw that can let an attacker take over your PeopleSoft system over HTTP; if you run Oracle PeopleSoft Enterprise PeopleTools 8.61 or 8.62, you should act immediately.
What to do
1) Patch PeopleSoft Enterprise PeopleTools to a fixed version for the affected 8.61/8.62 releases as your first priority.
2) If you can’t patch immediately, block or restrict HTTP access to PeopleSoft “Updates Environment Management” from untrusted networks (especially the internet).
3) Ask your PeopleSoft/IT team to verify which environments/components are exposed and confirm when the system will be updated.
CVSS Vector Breakdown
- AV:N Attack Vector
- AC:L Attack Complexity
- PR:N Privileges Required
- UI:N User Interaction
- S:U Scope
- C:H Confidentiality
- I:H Integrity
- A:H Availability
Weaknesses
Affected Products
Exploitability
Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
MITRE ATT&CK
2 techniques
References