By Eduard Kovacs
Publication Date: 2026-06-11 13:57:00
Oracle released an out-of-band advisory on Thursday that addresses a PeopleSoft vulnerability that could be exploited by an unauthenticated attacker for remote code execution.
The Security warning comes amid reports that the infamous ShinyHunters The hacker group targets organizations that use PeopleSoft.
PeopleSoft is an integrated enterprise resource planning (ERP) software suite widely used by large companies to manage core business functions such as human resources, payroll, finance, supply chain, and campus operations.
The newly disclosed vulnerability is being tracked CVE-2026-35273and Oracle states that this is a critical issue affecting PeopleSoft Enterprise PeopleTools versions 8.61 and 8.62. Users of PeopleSoft Enterprise Applications could also be affected.
It appears that Oracle has only released workarounds and not a full patch.
Oracle did not say whether CVE-2026-35273 was exploited as a zero-day in the wild, but noted in its advisory…
