CISA Warns of Oracle PeopleSoft 0-Day Vulnerability Exploited in Ransomware Attacks (CVE-2026-35273)
Key Facts
- Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding the active exploitation of a critical vulnerability in Oracle PeopleSoft Enterprise PeopleTools, identified as CVE-2026-35273.
- CISA has added a critical Oracle PeopleSoft vulnerability, tracked as CVE-2026-35273, to its Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation in the wild.
- The rapid exploitation of CVE-2026-35273 highlights the ongoing trend of threat actors targeting enterprise software vulnerabilities to gain initial access.
- The vulnerability is classified under CWE-306 (Missing Authentication for Critical Function), indicating a failure to enforce authentication mechanisms for sensitive operations.
- CISA added CVE-2026-35273 to its KEV catalog on June 12, 2026, with a remediation due date of June 15, 2026, under Binding Operational Directive (BOD) 26-04.
- Oracle PeopleSoft 0-Day Vulnerability Exploit According to CISA, the vulnerability has already been exploited in ransomware campaigns, raising significant concerns for organizations that rely on PeopleSoft environments.
- This vulnerability, categorized as CWE-306 (Missing Authentication for Critical Function), allows unauthenticated attackers to gain full control of vulnerable PeopleSoft environments.
- The flaw affects Oracle PeopleSoft Enterprise PeopleTools and enables unauthenticated attackers to gain full control over affected systems.
- Successful exploitation could allow attackers to access sensitive financial, HR, and operational data, deploy ransomware payloads, and establish persistent access within enterprise networks.
- Join ISC2’s LIVE webinar, “Ghost in the Machine” – Book Your Spot Here The post CISA Warns of Oracle PeopleSoft 0-Day Vulnerability Exploited in Ransomware Attacks appeared first on Cyber Security News.
Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding the active exploitation of a critical vulnerability in Oracle PeopleSoft Enterprise PeopleTools, identified as CVE-2026-35273. The issue is tracked as CVE-2026-35273. CISA has added a critical Oracle PeopleSoft vulnerability, tracked as CVE-2026-35273, to its Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation in the wild.
The Vulnerability
The rapid exploitation of CVE-2026-35273 highlights the ongoing trend of threat actors targeting enterprise software vulnerabilities to gain initial access.
Further details indicate that the vulnerability is classified under CWE-306 (Missing Authentication for Critical Function), indicating a failure to enforce authentication mechanisms for sensitive operations.
CISA added CVE-2026-35273 to its KEV catalog on June 12, 2026, with a remediation due date of June 15, 2026, under Binding Operational Directive (BOD) 26-04.
Oracle PeopleSoft 0-Day Vulnerability Exploit According to CISA, the vulnerability has already been exploited in ransomware campaigns, raising significant concerns for organizations that rely on PeopleSoft environments.
Technical Details
CVEs:
From a technical standpoint, the vulnerability presents several concerns:
This vulnerability, categorized as CWE-306 (Missing Authentication for Critical Function), allows unauthenticated attackers to gain full control of vulnerable PeopleSoft environments.
The flaw affects Oracle PeopleSoft Enterprise PeopleTools and enables unauthenticated attackers to gain full control over affected systems.
Successful exploitation could allow attackers to access sensitive financial, HR, and operational data, deploy ransomware payloads, and establish persistent access within enterprise networks.
Join ISC2’s LIVE webinar, “Ghost in the Machine”, Book Your Spot Here The post CISA Warns of Oracle PeopleSoft 0-Day Vulnerability Exploited in Ransomware Attacks appeared first on Cyber Security News.
Risk & Exposure
The flaw affects Oracle PeopleSoft Enterprise PeopleTools and enables unauthenticated attackers to gain full control over affected systems. Oracle PeopleSoft 0-Day Vulnerability Exploit According to CISA, the vulnerability has already been exploited in ransomware campaigns, raising significant concerns for organizations that rely on PeopleSoft environments. Organizations are strongly advised to apply vendor-provided patches and mitigations immediately.
Timeline
| Date | Event | |, , |, , -| | 2026 | CISA has added a critical Oracle PeopleSoft vulnerability, tracked as CVE-2026-35273, to its Known Exploited Vulnerab… | | 2026 | Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding the active exploitation … |
Patching & Remediation
-
The flaw affects Oracle PeopleSoft Enterprise PeopleTools and enables unauthenticated attackers to gain full control over affected systems.
-
The directive emphasizes prioritizing security updates based on risk, particularly for vulnerabilities actively exploited in attacks.
-
Organizations are strongly advised to apply vendor-provided patches and mitigations immediately.
-
If patches are unavailable, CISA recommends discontinuing use of affected systems or implementing compensating controls to reduce exposure.
-
Security teams should also assess internet-facing assets to identify vulnerable PeopleSoft instances and restrict unauthorized access.
-
In addition to patching, CISA urges organizations to follow its “Forensics Triage Requirements” to detect potential compromise.
Analysis
This disclosure adds to a growing pattern of significant vulnerabilities affecting enterprise infrastructure. The incident highlights the continued pressure ransomware operators are placing on organizations worldwide.
Sources
Sources & References
- CVE-2026-35273 — NIST National Vulnerability Database entry. https://nvd.nist.gov/vuln/detail/CVE-2026-35273
- CVE-2026-35273 — Oracle advisory. https://www.oracle.com/security-alerts/cve-2026-35273.html
- CVE-2026-35273 — National Vulnerability Database
SecurityXP delivers daily cybersecurity news, vulnerability analysis, data breach reports, and threat intelligence.
Security Digest
Get the latest cybersecurity news, vulnerability alerts, and threat intelligence delivered to your inbox.
Related Articles
Oracle mitigates PeopleSoft zero-day exploited in data theft attacks
Oracle has issued mitigations for a critical PeopleSoft zero-day (CVE-2026-35273) enabling unauthenticated RCE, actively exploited in ShinyHunters data theft.
Vulnerabilities & ExploitsCisco Unified CM Flaw CVE-2026-20230 Actively Exploited in the Wild Vulnerability
Cisco Unified Communications Manager has a serious vulnerability, tracked as CVE-2026-20230 (CVSS score of 8.6), that attackers are already exploiting. The...
Vulnerabilities & ExploitsPalo Alto Warns of Exploitation of VPN Bypass Exploits (CVE-2026-0257) in PAN-OS Flaw Vulnerability
"Only a small portion of the probed devices actually established VPN sessions, resulting in gateway-connected events." The company has also released...
Vulnerabilities & ExploitsAttackers Exploit SimpleHelp CVE-2026-48558 to Deploy TaskWeaver and Djinn Stealer Vulnerability
"Credentials accessible from a developer or administrator workstation may provide entry into production infrastructure, build pipelines, source code...