CISA Warns of Oracle PeopleSoft 0-Day Vulnerability Exploited in Ransomware Attacks
Cybersecurity NewsArchived Jun 17, 2026✓ Full text saved
CISA has added a critical Oracle PeopleSoft vulnerability, tracked as CVE-2026-35273, to its Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation in the wild. The flaw affects Oracle PeopleSoft Enterprise PeopleTools and enables unauthenticated attackers to gain full control over affected systems. The vulnerability is classified under CWE-306 (Missing Authentication for Critical Function), indicating a […] The post CISA Warns of Oracle PeopleSoft 0-Day Vulnerability Expl
Full text archived locally
✦ AI Summary· Claude Sonnet
HomeCyber Security News
CISA Warns of Oracle PeopleSoft 0-Day Vulnerability Exploited in Ransomware Attacks
By Abinaya
June 17, 2026
CISA has added a critical Oracle PeopleSoft vulnerability, tracked as CVE-2026-35273, to its Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation in the wild.
The flaw affects Oracle PeopleSoft Enterprise PeopleTools and enables unauthenticated attackers to gain full control over affected systems.
The vulnerability is classified under CWE-306 (Missing Authentication for Critical Function), indicating a failure to enforce authentication mechanisms for sensitive operations.
This flaw allows remote attackers to execute critical functions without valid credentials, effectively leading to complete system takeover.
Oracle PeopleSoft 0-Day Vulnerability Exploit
According to CISA, the vulnerability has already been exploited in ransomware campaigns, raising significant concerns for organizations that rely on PeopleSoft environments.
While detailed technical exploitation methods remain limited, the nature of the flaw suggests attackers can remotely access administrative functionalities exposed over the internet.
Oracle PeopleSoft Enterprise PeopleTools is widely used for enterprise resource planning (ERP) applications, making it a high-value target for threat actors.
Successful exploitation could allow attackers to access sensitive financial, HR, and operational data, deploy ransomware payloads, and establish persistent access within enterprise networks.
CISA added CVE-2026-35273 to its KEV catalog on June 12, 2026, with a remediation due date of June 15, 2026, under Binding Operational Directive (BOD) 26-04.
The directive emphasizes prioritizing security updates based on risk, particularly for vulnerabilities actively exploited in attacks.
Organizations are strongly advised to apply vendor-provided patches and mitigations immediately. If patches are unavailable, CISA recommends discontinuing use of affected systems or implementing compensating controls to reduce exposure.
Security teams should also assess internet-facing assets to identify vulnerable PeopleSoft instances and restrict unauthorized access.
In addition to patching, CISA urges organizations to follow its “Forensics Triage Requirements” to detect potential compromise.
Indicators of exploitation may include unusual administrative activity, unauthorized access attempts, and unexpected system changes. Network monitoring and log analysis are critical to identifying early signs of intrusion.
Given the confirmed use in ransomware campaigns, defenders should also review backup strategies, ensure data integrity, and implement segmentation controls to limit lateral movement.
Multi-factor authentication (MFA) and strict access controls can further reduce the attack surface. However, they may not fully mitigate this specific flaw given its authentication-bypass nature.
The rapid exploitation of CVE-2026-35273 highlights the ongoing trend of threat actors targeting enterprise software vulnerabilities to gain initial access.
Organizations using Oracle PeopleSoft are urged to treat this issue as a top priority and take immediate action to prevent potential compromise.
CISO & Security Leaders: Your next breach may not have a face. Join ISC2’s LIVE webinar, “Ghost in the Machine” – Book Your Spot Here
Tags
cyber security
cyber security news
Copy URL
Linkedin
Twitter
ReddIt
Telegram
Abinayahttps://cybersecuritynews.com/
Abi is a Security Editor and fellow reporter with Cyber Security News. She is covering various cyber security incidents happening in the Cyber Space.
Trending News
Maine Takes Data Breach Reporting Portal Offline After Fake VRChat and Discord Filings
Anthropic Fable 5 and Mythos 5 Access Blocked to All Users Following Government Directive
GitHub to Automate Disable npm Script Installs to Block Supply Chain Attacks
Hackers Use Weaponized DMG Files to Target macOS Users With Infostealer Malware
Palo Alto PAN-OS Vulnerability Allows Attackers to Execute Arbitrary Commands as Root User
Latest News
Cyber Security
Kodak Confirms Data Breach Following ShinyHunters’ Claim of Stolen Customer Records
Cyber Security
U.S. Commerce Dept Imposes Export Controls on Anthropic’s Claude Mythos 5 and Fable 5
Cyber Security
Hackers Compromised 140+ Mastra npm Packages to Deploy Password-Stealing Malware
Cyber Security
AIRecon: AI-Powered Penetration Testing Tool with Kali Linux Sandbox
Cyber Security News
Critical LiteLLM Flaw Allows Authentication Bypass via Host Header Injection