AI description
CVE-2026-35273 is a remote code execution (RCE) vulnerability affecting Oracle PeopleSoft Enterprise PeopleTools, specifically within the Updates Environment Management component, also known as the Environment Management Hub (PSEMHUB). This flaw allows an unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools without requiring user interaction. Successful exploitation can lead to a complete takeover of the affected system. The vulnerability impacts PeopleTools versions 8.61 and 8.62, with earlier unsupported versions also likely susceptible. It was actively exploited as a zero-day by the ShinyHunters extortion crew (tracked as UNC6240 by Mandiant) between May 27 and June 9, 2026, prior to Oracle's advisory on June 10. The attacks primarily targeted universities and leveraged missing authentication checks in PSEMHUB HTTP endpoints to execute arbitrary code through crafted POST requests to `/PSEMHUB/hub` or `/PSIGW/HttpListeningConnector`.
- Description: Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Management). Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
- Source: secalert_us@oracle.com
- NVD status: Analyzed
- Products: peoplesoft_enterprise_peopletools
CVSS 3.1
- Type: Secondary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
Data from CISA
- Vulnerability name: Oracle PeopleSoft Enterprise PeopleTools Missing Authentication for Critical Function Vulnerability
- Exploit added on: Jun 12, 2026
- Exploit action due: Jun 15, 2026
- Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-306
- Hype score: Not currently trending
CVE-2026-35273 in Oracle PeopleSoft PeopleTools EMHub Under Active Exploitation https://t.co/ECGahbqYQt CVE-2026-35273 in Oracle PeopleSoft PeopleTools EMHub Under Active Exploitation Oracle has disclosed CVE-2026-35273, a critical Remote Code Execution (RCE) zero-day vulnera
@f1tym1
14 Jun 2026
CVE-2026-35273 - Oracle PeopleSoft: Unauthenticated Takeover of Updates Environment Management Exploit kit in making... Will add it to https://t.co/K2BXNRWUsR #0days #0dayz #exploit #CVE #CVSS #RCE https://t.co/xL5PcF1bQX
@YogSoth0
13 Jun 2026
🚨 CVE-2026-35273: Oracle PeopleSoft Enterprise PeopleTools has an unauthenticated remote code execution bug. CVSS 9.8. CISA added it to the KEV catalog on June 12, 2026 with known ransomware campaign use, so it is being exploited now. #KEV #CVE https://t.co/iSCReRV6dc
@cloudkey_tech
13 Jun 2026
DFIR Weekly Recap | Oracle PeopleSoft zero-days and device code phishing dominated this week's threat landscape. • Oracle PeopleSoft CVE-2026-35273 seeing active exploitation with ShinyHunters targeting education sector • Device code phishing bypassing traditional password h
@DFIR_Radar
13 Jun 2026
#threatreport #MediumCompleteness Active Exploitation of Oracle PeopleSoft Zero-Day (CVE-2026-35273) | 12-06-2026 Source: https://t.co/xvc4YAcX7K Key details below ↓ 🧑💻Actors/Campaigns: Unc6240 (🧠motivation: cyber_criminal, information_theft) Shinyhunters (🧠moti
@rst_cloud
13 Jun 2026
🚨 CRITICAL: CVE-2026-35273 in Oracle PeopleSoft PeopleTools allows unauthenticated takeover. CISA KEV listed, ransomware exploitation known. Patch immediately. #CVE #PatchNow #ThreatIntel https://t.co/7w6jkvxtfv
@DFIR_Lab
13 Jun 2026
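Cyber Heat Radar|2026/06/13 05:00 JST This time we cover six items in audio, focusing on (1) the addition of CVE-2026-35273 to CISA KEV, (2) Check Point VPN CVE-2026-50751…, and (3) the order to federal agencies to patch the Ivanti vulnerability, plus three other items.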
@cyberheatradar
12 Jun 2026
Threat Intel Brief — 2026-06-12 Today’s real signal is ShinyHunters/UNC6240 turning Oracle PeopleSoft into an extortion lane, not a generic “new CVE” story. GTIG/Mandiant says the group exploited CVE-2026-35273 as a zero-day against Oracle PeopleSoft Environment Managem
@alphahunt_io
12 Jun 2026
ShinyHunters used an Oracle PeopleSoft zero-day to breach universities. CVE-2026-35273 scores 9.8. Patch guidance and IOCs inside. https://t.co/kk81XBdr7T #ShinyHunters #OraclePeopleSoft #CVE #ZeroDay #PSEMHUB #UniversityDataBreach #RCE #Mandiant #PeopleTools #ExtortionGroup ht
@redsecuretech
12 Jun 2026
🚨 Two critical zero-days in Ivanti Sentry and Oracle PeopleSoft are under active exploitation right now. Plus, a new BitLocker bypass (GreatXML) is public. What happened: Ivanti Sentry (CVE-2026-10520) and Oracle PeopleSoft (CVE-2026-35273) flaws are being actively exploited
@gh0st_V3ctbrv
12 Jun 2026
💭 ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities Data Breach / Critical CVE: The ShinyHunters extortion crew ex... https://t.co/MQJd6TsmsC #DataBreach #CVE #ZeroDay #DataProtection
@MyDooM15
11 Jun 2026
Oracle's PeopleSoft stack is reading like an open book — and ShinyHunters is doing the reading. CVE-2026-35273, unauthenticated remote code execution in PeopleTools 8.61 and 8.62, landed in an emergency out-of-band advisory today. No credentials required. No full patch released
@GoCocoaAI
11 Jun 2026
🚨 CVE-2026-35273 — CVSS 9.8/10 ██████████ Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment... Severity: CRITICAL Patch now. #cybersecurity #CVE https://t.co/lB9e4CKyJO
@OrizonCyber
11 Jun 2026
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.61:*:*:*:*:*:*:*",
            "matchCriteriaId": "18F15FC6-947A-462A-8329-C52907799A7C",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.62:*:*:*:*:*:*:*",
            "matchCriteriaId": "FF0E4EFC-096B-4861-8D55-D8DAA37A21E9",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]