Oracle Addresses PeopleSoft Vulnerability Amid Reports of Zero-Day Attacks

https://www.securityweek.com/wp-content/uploads/2026/06/Oracle-PeopleSoft.jpeg

Oracle on Thursday released an out-of-band advisory addressing a PeopleSoft vulnerability that can be exploited by an unauthenticated attacker for remote code execution.

The security alert comes amid reports that the notorious ShinyHunters hacker group has been targeting organizations that use PeopleSoft.

PeopleSoft is an integrated enterprise resource planning (ERP) software suite widely used by large organizations for managing core business functions, including HR, payroll, finance, supply chain, and campus operations.

The newly disclosed vulnerability is tracked as CVE-2026-35273, and Oracle says it’s a critical issue that affects PeopleSoft Enterprise PeopleTools versions 8.61 and 8.62. PeopleSoft Enterprise Applications users could also be impacted.

It appears that only mitigations have been released by Oracle rather than a full patch.

Oracle has not said whether CVE-2026-35273 has been exploited in the wild as a zero-day, but noted in its advisory, “We consider implementation of the recommended mitigations to be a high-priority...

Copyright of this story solely belongs to securityweek.com. To see the full text click HERE

Read more