Full Report
Oracle security advisory (AV26-587)
Analysis Summary
# Vulnerability: Oracle PeopleSoft Enterprise PeopleTools Critical Unauthenticated Vulnerability
## CVE Details
- **CVE ID:** CVE-2026-35273
- **CVSS Score:** 9.8 (Critical) - *Commonly assigned score for the severity level indicated*
- **CWE:** Not specifically listed in the advisory (Typically associated with Improper Input Validation or Broken Access Control in PeopleTools contexts)
## Affected Systems
- **Products:** PeopleSoft Enterprise PeopleTools
- **Versions:** 8.61 and 8.62
- **Configurations:** Systems accessible via the network (typically web-facing components)
## Vulnerability Description
While the advisory identifies this as a critical vulnerability within the PeopleTools suite, specific technical internals are often restricted by Oracle until a high patch adoption rate is reached. Based on the high severity rating, the flaw likely allows an unauthenticated attacker with network access via HTTP to compromise the PeopleSoft Enterprise PeopleTools environment without requiring user interaction.
## Exploitation
- **Status:** **Exploited in the wild.** Open-source reporting confirms active exploitation by threat actors.
- **Complexity:** Low
- **Attack Vector:** Network
## Impact
- **Confidentiality:** High (Potential for full data exfiltration)
- **Integrity:** High (Potential for unauthorized data modification)
- **Availability:** High (Potential for complete system takeover or service disruption)
## Remediation
### Patches
- Oracle has released a Security Alert Advisory specific to this CVE. Users should immediately apply the security updates provided by Oracle for **PeopleTools versions 8.61 and 8.62**.
- Refer to the Oracle Security Alert Advisory for specific patch IDs and download instructions via My Oracle Support (MOS).
### Workarounds
- There are no listed official workarounds that substitute for patching.
- Restricting network access to PeopleSoft instances (e.g., behind a VPN or IP-restricted gateway) can reduce the attack surface until patches are applied.
## Detection
- **Indicators of compromise:** Monitor web server logs for unusual POST requests or access to administrative endpoints from unknown IP addresses.
- **Detection methods and tools:**
  - Use vulnerability scanners with updated plugins for Oracle Security Alert CVE-2026-35273.
  - Review system audit logs for unauthorized administrative user creation or unexpected configuration changes.
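
The log review described above can be scripted. The following is an added example, not part of the Oracle or Cyber Centre advisory: it flags POST requests and administrative-path hits from clients outside a trusted range in a combined-format access log. The trusted networks, the `/admin-placeholder/` prefix and the sample log lines are constructed placeholders to replace with site-specific values.

```python
import ipaddress
import re

# Assumptions (not from the advisory): site-specific trusted ranges and
# administrative path prefixes; both are placeholders.
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.0.2.0/24")]
ADMIN_PREFIXES = ("/admin-placeholder/",)

# Common/combined log format: ip ident user [time] "METHOD path proto" status size
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

def is_trusted(ip_text):
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # an unparseable client field is treated as unknown
    return any(ip in net for net in TRUSTED_NETS)

def triage(lines):
    """Return (line_no, reasons, summary) for requests worth an analyst's review."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = LINE_RE.match(line)
        if not m:
            findings.append((n, "unparsed", line.strip()))  # never drop silently
            continue
        if is_trusted(m["ip"]):
            continue
        reasons = []
        if m["method"] == "POST":
            reasons.append("post-from-unknown-ip")
        if m["path"].startswith(ADMIN_PREFIXES):
            reasons.append("admin-path-from-unknown-ip")
        if reasons:
            summary = f'{m["ip"]} {m["method"]} {m["path"]} {m["status"]}'
            findings.append((n, ",".join(reasons), summary))
    return findings

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '10.1.2.3 - - [01/Jan/2026:10:00:00 +0000] "POST /app/login HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2026:10:00:05 +0000] "POST /app/login HTTP/1.1" 200 734',
    '203.0.113.9 - - [01/Jan/2026:10:00:09 +0000] "GET /admin-placeholder/users HTTP/1.1" 403 0',
    '203.0.113.9 - - [01/Jan/2026:10:00:12 +0000] "GET /app/home HTTP/1.1" 200 1200',
    '192.0.2.15 - - [01/Jan/2026:10:00:20 +0000] "POST /admin-placeholder/config HTTP/1.1" 200 88',
]
```

Findings are leads for review, not confirmation of compromise; correlate them with the audit-log checks listed above.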
## References
- Oracle Security Alert Advisory - CVE-2026-35273: hxxps[://]www[.]oracle[.]com/security-alerts/alert-cve-2026-35273[.]html
- Oracle Critical Patch Updates, Security Alerts and Bulletins: hxxps[://]www[.]oracle[.]com/security-alerts/
- Canadian Centre for Cyber Security Advisory: hxxps[://]www[.]cyber[.]gc[.]ca/en/alerts-advisories/oracle-security-advisory-av26-587