PT-2026-48612 · Oracle · PeopleSoft Enterprise PeopleTools

Published: 2026-06-11 · Updated: 2026-06-12 · CVE-2026-35273

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

PeopleSoft Enterprise PeopleTools version 8.61
PeopleSoft Enterprise PeopleTools version 8.62

Description

An unauthenticated remote code execution flaw exists in the Updates Environment Management component of PeopleSoft Enterprise PeopleTools. An attacker with network access via HTTP can exploit this issue to completely take over the affected system. The flaw is being actively exploited by the ShinyHunters extortion group (tracked as UNC6240), with reports of approximately 300 compromised instances across more than 100 organizations, predominantly in the higher education sector. Attackers have been observed chaining this issue with legacy flaws to bypass authentication via '/OA HTML/' endpoints and extract cleartext credentials from psappsrv.cfg files to move laterally across web, app, and batch tiers.

Recommendations

For version 8.61, apply the patches referenced in Oracle's Security Alert.
For version 8.62, apply the patches referenced in Oracle's Security Alert.
Restrict network access to PeopleSoft environments and limit exposure to trusted users.
As a temporary mitigation, isolate affected systems until patches are fully applied.

Fix

RCE

Missing Authentication

Weakness Enumeration

Related Identifiers

CVE-2026-35273

Affected Products

PeopleSoft Enterprise PeopleTools