Free practical cybersecurity guidance for organisations without a security team.
hello@actionsoncyber.com
← Back to Vulnerability Briefs

Critical Oracle PeopleSoft Vulnerability Could Allow Remote Takeover

A critical security flaw has been found in Oracle PeopleSoft software that allows attackers to take full control without needing a password. This vulnerability is actively being exploited, including in attacks targeting universities. Small organisations using affected versions should act quickly to reduce risk.

12 June 2026

Reference: CVE-2026-35273

1. What is being reported?

A serious security weakness exists in Oracle PeopleSoft Enterprise PeopleTools versions 8.61 and 8.62. Attackers can exploit this flaw remotely over the internet without logging in, potentially taking over the system completely. This has been confirmed by multiple security sources and is being actively used by attackers.

2. What this means in plain English

If your organisation uses the affected PeopleSoft software, an attacker could gain full access to your system, steal data, or disrupt your services. This could lead to loss of sensitive information, damage to your reputation, and costly recovery efforts.

3. Could this affect a small business?

Small businesses or charities that use Oracle PeopleSoft versions 8.61 or 8.62 for managing their operations could be at risk. Organisations not using this software or using other versions are unlikely to be affected.

4. What to do now

  • Check if your organisation uses Oracle PeopleSoft Enterprise PeopleTools versions 8.61 or 8.62.
  • If you do, contact your IT provider or software supplier immediately to apply any available patches or mitigations.
  • Limit network access to PeopleSoft systems where possible, especially from the internet.
  • Monitor your systems for unusual activity and report any suspected breaches promptly.

5. Ask your IT provider

Can you confirm if our Oracle PeopleSoft software is affected by CVE-2026-35273 and what steps are being taken to protect us?

6. Bottom line

If you use Oracle PeopleSoft 8.61 or 8.62, act quickly to secure your systems against this critical vulnerability.

Information based on CISA KEV, NVD, and multiple reputable security news reports.

Back to Vulnerability Briefs