Oracle Issues Emergency Alert for Critical PeopleSoft RCE Vulnerability (CVE-2026-35273)
Oracle has released an urgent Security Alert addressing a critical remote code execution (RCE) vulnerability, CVE-2026-35273, in PeopleSoft Enterprise PeopleTools. With a CVSS score of 9.8, the flaw poses a severe risk to enterprise systems, enabling unauthenticated attackers to execute arbitrary code remotely over HTTP without requiring user interaction or privileges.
The vulnerability resides in the Updates Environment Management component of PeopleSoft PeopleTools versions 8.61 and 8.62, though unsupported or earlier versions may also be affected. Discovered by researchers at TrendAI Zero Day Initiative (including Bobby Gould, Lucas Miller, and Minh Giang), the flaw has low attack complexity, increasing the likelihood of exploitation in the wild.
Successful exploitation could lead to full system compromise, allowing attackers to access sensitive data, alter configurations, or disrupt services. Publicly exposed PeopleSoft instances are particularly at risk, and a compromised instance could serve as a starting point for lateral movement within corporate networks.
Oracle has released patches and mitigation guidance, urging organizations to apply updates immediately, restrict external access to PeopleSoft environments, and monitor for suspicious activity. Systems running unsupported versions face heightened risk, as patches are only available for those under Premier or Extended Support.
Given PeopleSoft’s role in managing HR, finance, and other critical operations, exploitation of this flaw could have significant operational and security consequences. Enterprises are advised to treat CVE-2026-35273 as a high-priority threat.
Source: https://cybersecuritynews.com/oracle-security-update/
Oracle TPRM report: https://www.rankiteo.com/company/oracle
"id": "ora1781180663",
"linkid": "oracle",
"type": "Vulnerability",
"date": "6/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"