Oracle Emergency Security Update to Fix Critical RCE Vulnerability
By Abinaya
June 11, 2026
Oracle has issued an emergency Security Alert to address a critical remote code execution vulnerability (CVE-2026-35273) affecting PeopleSoft Enterprise PeopleTools.
The vulnerability carries a CVSS v3.1 score of 9.8, highlighting its severity and the urgent need for remediation across enterprise environments.
The flaw resides in the Updates Environment Management component of PeopleSoft PeopleTools and can be exploited remotely over HTTP.
It does not require authentication or user interaction, making it particularly dangerous for internet-facing systems.
Oracle confirmed that successful exploitation could allow attackers to execute arbitrary code, potentially leading to full system compromise.
Security researchers from TrendAI Zero Day Initiative, including Bobby Gould, Lucas Miller, and Minh Giang, were credited with discovering and reporting the vulnerability.
Their findings indicate that the attack complexity is low, which increases the likelihood of active exploitation attempts in the wild. The vulnerability impacts PeopleSoft Enterprise PeopleTools versions 8.61 and 8.62.
Oracle also warned that earlier or unsupported versions may be affected, even though they have not been formally tested.
Since patches are only released for supported versions under Premier or Extended Support, organizations running outdated systems face additional risk if they do not upgrade.
From a technical standpoint, the vulnerability allows network-based attacks without requiring any privileges.
The impact on confidentiality, integrity, and availability is rated high, meaning attackers could access sensitive data, modify system configurations, or disrupt services entirely.
In a real-world scenario, a publicly exposed PeopleSoft instance could be compromised to deploy malicious payloads or facilitate lateral movement within a corporate network.
Oracle has released patches and mitigation guidance as part of the Security Alert and strongly recommends immediate action.
Organizations should prioritize applying the available updates, restrict external access to PeopleSoft environments, and monitor systems for suspicious activity.
Maintaining systems on supported versions is also critical to ensure continued access to security updates.
This issue underscores the ongoing threat posed by unauthenticated RCE vulnerabilities in widely deployed enterprise software.
Given PeopleSoft’s role in managing critical business operations such as HR and finance, exploitation of this flaw could have significant operational and data security consequences.
Organizations are advised to treat CVE-2026-35273 as a high-priority risk and take swift steps to secure their infrastructure.