A recently disclosed vulnerability (CVE‑2026‑35273) affects Oracle PeopleSoft Enterprise PeopleTools and may allow a remote, unauthenticated attacker to execute arbitrary code and take full control of affected systems. Severity level: CVSS Score: 9.8/Critical. Description: CVE‑2026‑35273 is a critical vulnerability in the Updates Environment Management component of PeopleSoft Enterprise PeopleTools. The flaw allows an unauthenticated attacker with network access over HTTP to exploit the application due to missing or improper access controls. An attacker can send specially crafted requests to the vulnerable component to execute arbitrary code, potentially leading to full application takeover without requiring credentials or user interaction. Affected Versions: Oracle PeopleSoft Enterprise PeopleTools Version 8.61 Version 8.62 Impact: Successful exploitation may allow attackers to gain complete control of the PeopleSoft application. Resolution: Install the latest available Oracle PeopleTools patches. Reference:
