CISA Issues Urgent Warning for Oracle PeopleSoft Users

The Cybersecurity and Infrastructure Security Agency (CISA) has added Oracle PeopleSoft vulnerability CVE-2026-35273 to its Known Exploited Vulnerabilities (KEV) Catalog after confirming active exploitation in the wild.

The vulnerability affects Oracle PeopleSoft Enterprise PeopleTools and has been assigned a critical CVSS score of 9.8. Security researchers have observed attackers actively targeting vulnerable systems, leading to unauthorized access, data theft, and complete server compromise.

For organizations running Oracle PeopleSoft environments, immediate remediation should be considered a top priority.

Understanding CVE-2026-35273

CVE-2026-35273 is a critical vulnerability affecting Oracle PeopleSoft PeopleTools.

Key characteristics include:

- Remote exploitation over HTTP

- No authentication required

- Potential for remote code execution (RCE)

- Complete server takeover risk

- High impact on confidentiality, integrity, and availability

Because attackers do not require valid credentials to exploit the vulnerability, exposed systems are particularly vulnerable to compromise.

Why CISA Added It to the KEV Catalog

The CISA Known Exploited Vulnerabilities Catalog is reserved for vulnerabilities that have confirmed evidence of active exploitation.

When a vulnerability is added to the KEV catalog, organizations should treat remediation as a priority because attackers are already using the flaw in real-world attacks.

The addition of CVE-2026-35273 indicates that exploitation is no longer theoretical; it is actively occurring across targeted environments.

Reported Attack Activity

Security researchers and threat intelligence teams observed active exploitation campaigns targeting Oracle PeopleSoft servers before Oracle publicly released its security advisory.

Reports indicate that attackers leveraged the vulnerability to gain access to enterprise systems and exfiltrate sensitive information from affected organizations.

Educational institutions appear to have been among the most heavily targeted sectors, although any organization operating vulnerable PeopleSoft infrastructure may be at risk.

Business Risks

Successful exploitation of CVE-2026-35273 can result in:

- Unauthorized access to sensitive business data

- Customer and employee data exposure

- Operational disruption

- Ransomware deployment opportunities

- Regulatory compliance violations

- Financial and reputational damage

Organizations relying on PeopleSoft for HR, finance, payroll, or enterprise operations should assess exposure immediately.

Recommended Mitigation Steps

Organizations should take the following actions:

Apply Oracle Security Updates

Review Oracle's latest security guidance and implement all recommended patches and mitigations as soon as possible.

Restrict External Access

Limit internet exposure for PeopleSoft management interfaces and administrative services wherever possible.

Review Logs for Indicators of Compromise

Security teams should investigate suspicious activity occurring from late May onward, particularly unexpected administrative actions, unusual authentication patterns, or unauthorized data access.

Conduct Vulnerability Assessments

Perform vulnerability scanning and penetration testing to identify additional weaknesses that could be exploited alongside this vulnerability.

Enhance Continuous Monitoring

Implement security monitoring and threat detection capabilities to identify suspicious activity quickly.

Lessons for Enterprise Security Teams

The PeopleSoft incident highlights the growing importance of:

- Proactive vulnerability management

- Continuous threat monitoring

- Rapid patch deployment

- Asset visibility

- Security assessments and penetration testing

Organizations that maintain mature vulnerability management programs are significantly better positioned to respond to emerging threats.

How Invitty Can Help

Invitty helps organizations strengthen their cybersecurity posture through Vulnerability Assessment and Penetration Testing (VAPT), managed security services, threat monitoring, cloud security, and compliance consulting.

Our team assists businesses in identifying critical exposures, prioritizing remediation efforts, and reducing cyber risk before attackers can exploit vulnerabilities.

Staying ahead of emerging threats requires continuous visibility, proactive defense, and rapid response capabilities.