CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ◇ Industry News & Leadership Jun 11, 2026

Oracle Emergency Security Update to Fix Critical RCE Vulnerability

Cybersecurity News Archived Jun 11, 2026 ✓ Full text saved

Oracle has issued an emergency Security Alert to address a critical remote code execution vulnerability (CVE-2026-35273) affecting PeopleSoft Enterprise PeopleTools. The vulnerability carries a CVSS v3.1 score of 9.8, highlighting its severity and the urgent need for remediation across enterprise environments. The flaw resides in the Updates Environment Management component of PeopleSoft PeopleTools and can […] The post Oracle Emergency Security Update to Fix Critical RCE Vulnerability appeared

Full text archived locally
✦ AI Summary · Claude Sonnet


    HomeCyber Security News Oracle Emergency Security Update to Fix Critical RCE Vulnerability By Abinaya June 11, 2026 Oracle has issued an emergency Security Alert to address a critical remote code execution vulnerability (CVE-2026-35273) affecting PeopleSoft Enterprise PeopleTools. The vulnerability carries a CVSS v3.1 score of 9.8, highlighting its severity and the urgent need for remediation across enterprise environments. The flaw resides in the Updates Environment Management component of PeopleSoft PeopleTools and can be exploited remotely over HTTP. It does not require authentication or user interaction, making it particularly dangerous for internet-facing systems. Oracle confirmed that successful exploitation could allow attackers to execute arbitrary code, potentially leading to full system compromise. Security researchers from TrendAI Zero Day Initiative, including Bobby Gould, Lucas Miller, and Minh Giang, were credited with discovering and reporting the vulnerability. Their findings indicate that the attack complexity is low, which increases the likelihood of active exploitation attempts in the wild. The vulnerability impacts PeopleSoft Enterprise PeopleTools versions 8.61 and 8.62. Oracle Emergency Security Update Oracle also warned that earlier or unsupported versions may be affected, even though they have not been formally tested. Since patches are only released for supported versions under Premier or Extended Support, organizations running outdated systems face additional risk if they do not upgrade. From a technical standpoint, the vulnerability allows network-based attacks without requiring any privileges. It affects confidentiality, integrity, and availability at a high level, meaning attackers could access sensitive data, modify system configurations, or disrupt services entirely. In a real-world scenario, a publicly exposed PeopleSoft instance could be compromised to deploy malicious payloads or facilitate lateral movement within a corporate network. Oracle has released patches and mitigation guidance as part of the Security Alert and strongly recommends immediate action. Organizations should prioritize applying the available updates, restrict external access to PeopleSoft environments, and monitor systems for suspicious activity. Maintaining systems on supported versions is also critical to ensure continued access to security updates. This issue underscores the ongoing threat posed by unauthenticated RCE vulnerabilities in widely deployed enterprise software. Given PeopleSoft’s role in managing critical business operations such as HR and finance, exploitation of this flaw could have significant operational and data security consequences. Organizations are advised to treat CVE-2026-35273 as a high-priority risk and take swift steps to secure their infrastructure. Follow us on Google News, LinkedIn, and X to Get More Instant Updates. Tags cyber security cyber security news Copy URL Linkedin Twitter ReddIt Telegram Abinayahttps://cybersecuritynews.com/ Abi is a Security Editor and fellow reporter with Cyber Security News. She is covering various cyber security incidents happening in the Cyber Space. Trending News Kali365 PhaaS Operation Expands Beyond Microsoft 365 to Target Okta and MAX Messenger Microsoft Exchange Server 0-Day Vulnerability Exploited in Attacks Using Weaponized Email Microsoft Patch Tuesday June 2026 – 198 Vulnerabilities Fixed, Including 3 Zero-days Dashlane Details How Hackers Managed to Download Encrypted Password Vaults Critical Hugging Face Transformers Vulnerability Enables Remote Code Execution Attacks Latest News Cyber Security News Hackers Abuse VMware-Signed Binary to Sideload NIGHTFORGE Loader in Espionage Attacks Cyber Security News Multiple Splunk Enterprise Vulnerabilities Allow Attackers to Execute Malicious Script Cyber Security News Hackers Abuse AWS CloudTrail and Google Cloud Logging to Evade Detection and Exfiltrate Logs Cyber Security News China-Linked JDY Botnet Uses 1,500+ SOHO and IoT Devices for Rapid Vulnerability Exploitation Cyber Security News Microsoft Exchange Server 0-Day Vulnerability Exploited in Attacks Using Weaponized Email
    💬 Team Notes
    Article Info
    Source
    Cybersecurity News
    Category
    ◇ Industry News & Leadership
    Published
    Jun 11, 2026
    Archived
    Jun 11, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗