Back

Oracle Issues Emergency Update for Critical RCE Vulnerability in PeopleSoft

Severity: Critical (Score: 80.2)

Sources: Cybersecuritynews, Blogs.Oracle

Published: 2026-06-11 · Updated: 2026-06-11

Keywords: vulnerability, security, oracle, alert, cve-2026-35273, emergency, critical

Severity indicators: critical, emergency, vulnerability, rce, CVE:CVE-2026-35273

Summary

Oracle has released an emergency Security Alert for a critical remote code execution vulnerability (CVE-2026-35273) affecting PeopleSoft Enterprise PeopleTools. The vulnerability has a CVSS v3.1 score of 9.8, indicating a severe threat to enterprise environments. It resides in the Updates Environment Management component of PeopleTools, allowing attackers to execute arbitrary code if exploited. Oracle advises all customers to apply the necessary patches immediately to mitigate potential risks. The vulnerability was published on 2026-06-11, and its exploitation could lead to significant breaches in security across affected systems. Organizations using PeopleSoft are particularly at risk and should prioritize remediation efforts. Key Points: • CVE-2026-35273 has a CVSS score of 9.8, indicating critical severity. • The vulnerability affects the Updates Environment Management component of PeopleSoft. • Oracle has issued an emergency alert and recommends immediate patching.

Detailed Analysis

**Impact** The vulnerability affects organizations using Oracle PeopleSoft Enterprise PeopleTools, a widely deployed enterprise resource planning (ERP) platform. Successful exploitation could lead to remote code execution, potentially compromising sensitive business data and operational systems. No specific sectors, geographies, or numbers of affected entities are provided in the articles. **Technical Details** The vulnerability, tracked as CVE-2026-35273, resides in the Updates Environment Management component of PeopleSoft PeopleTools. It has a CVSS v3.1 base score of 9.8, indicating critical severity. Exploitation allows remote code execution, but no specific attack techniques, malware, or indicators of compromise (IOCs) are detailed in the sources. **Recommended Response** Organizations should immediately apply the Oracle Security Alert patch addressing CVE-2026-35273 as provided in the official advisory. Monitoring for unusual activity related to PeopleSoft PeopleTools is advised until remediation is complete. No additional detection rules or IOCs are available from the articles.

Source articles (2)

  • Security Alert CVE-2026-35273 Released — Blogs.Oracle · 2026-06-11
    Oracle has just released Security Alert CVE-2026-35273 . This vulnerability affects PeopleSoft Enterprise PeopleTools. This vulnerability has a CVSS v3.1 Base Score of 9.8. If successfully exploited,…
  • Oracle Emergency Security Update to Fix Critical RCE Vulnerability — Cybersecuritynews · 2026-06-11
    Oracle has issued an emergency Security Alert to address a critical remote code execution vulnerability (CVE-2026-35273) affecting PeopleSoft Enterprise PeopleTools. The vulnerability carries a CVSS v…

Timeline

  • 2026-06-11 — CVE-2026-35273 published: Oracle disclosed a critical remote code execution vulnerability in PeopleSoft Enterprise PeopleTools.
  • 2026-06-11 — Oracle issues Security Alert: Oracle released an emergency Security Alert advising customers to remediate the critical vulnerability immediately.

CVEs

  • CVE-2026-35273

Related entities

  • Zero-day Exploit (Attack Type)
  • Oracle (Company)
  • PeopleSoft Enterprise PeopleTools (Platform)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed