CVE-2026-35273

Awaiting Analysis

Published: 11 Jun 2026, 02:25

Last modified:11 Jun 2026, 12:01

Vulnerability Summary

Overall Risk (default)

high

70/100

CVSS Score

9.8 CRITICAL

v3.1 (cve.org)

EPSS Score

0.03% LOW

0% probability

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

11 Jun 2026, 02:25

Published

Vulnerability first disclosed

11 Jun 2026, 12:01

Last Modified

Vulnerability information updated

Description

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Management). Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

CVSS Metrics

v3.1•CRITICAL•Score: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Trends

Current EPSS score: 0.03%• Percentile: 7%

Techniques & Countermeasures

CWE-306•Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

Affected Systems

oracle corporation•peoplesoft enterprise peopletools
8.61 | 8.62

References (1)

https://www.oracle.com/security-alerts/alert-cve-2026-35273.html