Vulnerability Report

CVE-2026-35273

CISA KEV Active

Title: Takeover in PeopleSoft Enterprise PeopleTools

Auth Bypass

Proof Of Concept

PoC Available for CVE-2026-35273

CWE Category NVD-CWE-noinfo

Published Date Jun 11, 2026

Modified Date Jun 12, 2026

Exploit Status Available

Score 9.8 CVSS v3.1

Exploit Probability (EPSS)

7.51%

Vulnerability Summary

CVE-2026-35273: Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Management). Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Impacted Vendors

oracle 1

Reference Links

https://www.oracle.com/security-alerts/alert-cve-2026-35273.html

CVSS v3.1

Source Entity [email protected]

Severity CRITICAL

9.8

Attack Vector

NETWORK

Complexity

LOW

Privileges

N/A

Interaction

NONE

Confidentiality

N/A

Integrity

N/A

Availability

N/A

Scope

UNCHANGED

RAW VECTOR CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2026-35273 Exploits & PoCs (Proof Of Concept)

GitHub https://github.com/HORKimhab/CVE-2026-35273

View Code

GitHub https://github.com/0xBlackash/CVE-2026-35273

View Code

June 12, 2026 MODIFIED