SECURITY ALERT: Oracle PeopleSoft Critical Vulnerability (CVE-2026-35273)

Product / Version includes:

TrendAI Vision One™ All , Deep Discovery Inspector All , Deep Security All , TrendAI Vision One™ Endpoint Security - Server & Workload

Last updated: 2026/06/11

Solution ID: KA-0023679

Category:

Summary

Overview

Oracle has released a Security Alert addressing CVE-2026-35273, a critical vulnerability in Oracle PeopleSoft Enterprise PeopleTools.

Oracle PeopleSoft Enterprise Applications customers may also be affected.

The vulnerability allows an unauthenticated attacker with network access via HTTP to fully compromise PeopleSoft Enterprise PeopleTools, potentially resulting in a complete system takeover with high impact to confidentiality, integrity, and availability.

Oracle considers this a high-priority risk reduction measure and strongly recommends immediate action to address the identified exposure.

Affected Products

Product	Component	Affected Versions
PeopleSoft Enterprise PeopleTools	Updates Environment Management	8.61, 8.62

Vulnerability Details

Attribute	Value
CVE ID	CVE-2026-35273
CVSS Score	9.8 (Critical)

Impact

Successful exploitation can result in a full takeover of PeopleSoft Enterprise PeopleTools. The vulnerability carries the highest possible impact scores across all three pillars of the CIA triad:

Confidentiality: High — attacker may access all data
Integrity: High — attacker may modify or destroy data
Availability: High — attacker may disrupt system operations entirely

Recommended Actions

Oracle strongly recommends the following immediate actions:

Apply the available patch immediately via Oracle Support (Patch Availability Document ID: CPU187).
Ensure PeopleSoft PeopleTools installations are on versions 8.61 or 8.62 (supported versions). Earlier unsupported versions should be upgraded.
Remain on actively-supported versions and apply all Critical Patch Updates, Critical Security Patch Updates, and Security Alerts without delay.
Review network access controls to restrict HTTP access to PeopleSoft environments from untrusted networks as a compensating control.

TrendAI Protection and Detection Against Exploitation

In addition to the vendor supplied patches and remediation, TrendAI has released several critical protections against exploitation:

TrendAI Vision One Threat Intelligence Hub

TrendAI has added information into the Vision One Threat Intelligence Hub that provides relevant background information including Tactics, Techniques and Procedures (TTPs), Risk Management Guidance, and Threat Hunting Queries.

Detection Rules and Filters

TrendAI Vision One Endpoint Security IPS Rules (including Server and Workload Security (SWP) and Deep Security)

Rule 1012580 – Oracle Peoplesoft PeopleTools SSRF Vulnerability

TrendAI Vision One Network Security Digital Vaccine (DV) Filters (including TippingPoint)

Filter 47502 – HTTP: Oracle PeopleSoft Server-Side Request Forgery Vulnerability

TrendAI Deep Discovery Inspector (DDI)

Rule 5855 – Peoplesoft PeopleTools Environment Management Hub (PSEMHUB) SSRF Exploit – HTTP(Request)

Was this article helpful?

Featured

Automation Center

Education Portal

Online Help Center

Service Status

TrendConnect

SECURITY ALERT: Oracle PeopleSoft Critical Vulnerability (CVE-2026-35273)

Impact

Recommended Actions

TrendAI Protection and Detection Against Exploitation

SECURITY ALERT: Oracle PeopleSoft Critical Vulnerability (CVE-2026-35273)

Product / Version includes:

Summary

Overview

Affected Products

Vulnerability Details

Impact

Recommended Actions

TrendAI Protection and Detection Against Exploitation