CISA Warns of Oracle PeopleSoft 0-Day Vulnerability Exploited in Ransomware Attacks (CVE-2026-35273)

Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding the active exploitation of a critical vulnerability in Oracle PeopleSoft Enterprise PeopleTools, identified as CVE-2026-35273. The issue is tracked as CVE-2026-35273. CISA has added a critical Oracle PeopleSoft vulnerability, tracked as CVE-2026-35273, to its Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation in the wild.

The Vulnerability

The rapid exploitation of CVE-2026-35273 highlights the ongoing trend of threat actors targeting enterprise software vulnerabilities to gain initial access.

Further details indicate that the vulnerability is classified under CWE-306 (Missing Authentication for Critical Function), indicating a failure to enforce authentication mechanisms for sensitive operations.

CISA added CVE-2026-35273 to its KEV catalog on June 12, 2026, with a remediation due date of June 15, 2026, under Binding Operational Directive (BOD) 26-04.

Oracle PeopleSoft 0-Day Vulnerability Exploit According to CISA, the vulnerability has already been exploited in ransomware campaigns, raising significant concerns for organizations that rely on PeopleSoft environments.

Technical Details

CVEs:

• CVE-2026-35273

From a technical standpoint, the vulnerability presents several concerns:

This vulnerability, categorized as CWE-306 (Missing Authentication for Critical Function), allows unauthenticated attackers to gain full control of vulnerable PeopleSoft environments.

The flaw affects Oracle PeopleSoft Enterprise PeopleTools and enables unauthenticated attackers to gain full control over affected systems.

Successful exploitation could allow attackers to access sensitive financial, HR, and operational data, deploy ransomware payloads, and establish persistent access within enterprise networks.

Join ISC2’s LIVE webinar, “Ghost in the Machine”, Book Your Spot Here The post CISA Warns of Oracle PeopleSoft 0-Day Vulnerability Exploited in Ransomware Attacks appeared first on Cyber Security News.

Risk & Exposure

The flaw affects Oracle PeopleSoft Enterprise PeopleTools and enables unauthenticated attackers to gain full control over affected systems. Oracle PeopleSoft 0-Day Vulnerability Exploit According to CISA, the vulnerability has already been exploited in ransomware campaigns, raising significant concerns for organizations that rely on PeopleSoft environments. Organizations are strongly advised to apply vendor-provided patches and mitigations immediately.

Timeline

| Date | Event | |, , |, , -| | 2026 | CISA has added a critical Oracle PeopleSoft vulnerability, tracked as CVE-2026-35273, to its Known Exploited Vulnerab… | | 2026 | Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding the active exploitation … |

Patching & Remediation

1. The flaw affects Oracle PeopleSoft Enterprise PeopleTools and enables unauthenticated attackers to gain full control over affected systems.

2. The directive emphasizes prioritizing security updates based on risk, particularly for vulnerabilities actively exploited in attacks.

3. Organizations are strongly advised to apply vendor-provided patches and mitigations immediately.

4. If patches are unavailable, CISA recommends discontinuing use of affected systems or implementing compensating controls to reduce exposure.

5. Security teams should also assess internet-facing assets to identify vulnerable PeopleSoft instances and restrict unauthorized access.

6. In addition to patching, CISA urges organizations to follow its “Forensics Triage Requirements” to detect potential compromise.

Analysis

This disclosure adds to a growing pattern of significant vulnerabilities affecting enterprise infrastructure. The incident highlights the continued pressure ransomware operators are placing on organizations worldwide.

Sources

1. https://nvd.nist.gov/vuln/detail/CVE-2026-35273
2. https://www.oracle.com/security-alerts/cve-2026-35273.html