Summary
Oracle issued an emergency patch for a critical code injection vulnerability (CVE-2026-35273, CVSS 9.8) in PeopleSoft Enterprise PeopleTools that allows unauthenticated remote code execution.
Take Action:
If you're running Oracle PeopleSoft Enterprise PeopleTools (versions 8.61 or 8.62) this is urgent! The flaw allows anyone on the network to take over your environment without a password. Restrict network access to your PeopleSoft servers to only trusted internal networks and users. Then patch ASAP, because this flaw is either already exploited or will be exploited very soon.
Read the full article on BeyondMachines
This article was originally published on BeyondMachines
Top comments (0)