Oracle Addresses PeopleSoft Vulnerability Amid Reports of Zero-Day Attacks

Oracle released an emergency advisory for CVE-2026-35273, a critical unauthenticated RCE in PeopleSoft PeopleTools 8.61 and 8.62. ShinyHunters has reportedly exploited this vulnerability across 300+ instances at 100+ organizations. Oracle released mitigations only, not a full patch, and active exploitation in the wild remains unconfirmed but credible.

CRITICALAdvisoryJun 12, 2026

Action required

Immediately identify all PeopleSoft PeopleTools 8.61 and 8.62 instances in your environment. Apply Oracle's published mitigations now. Hunt for exploitation attempts against these versions by monitoring for suspicious web requests to PeopleSoft endpoints and unusual authentication patterns.

Affected products

OraclePeopleSoft Enterprise PeopleTools

CVE IDs

CVE-2026-35273

Linked articles

Oracle Addresses PeopleSoft Vulnerability Amid Reports of Zero-Day Attacks

Source links

https://www.securityweek.com/oracle-addresses-peoplesoft-vulnerability-amid-reports-of-zero-day-attacks/