A critical zero-day vulnerability in Oracle's PeopleSoft Suite, identified as CVE-2026-35273, has been exploited by attackers to execute remote code without authentication, resulting in data theft. Oracle has issued a mitigation for this flaw, which is being leveraged in ShinyHunter attacks. The vulnerability expands the attack surface, making it essential for organizations to assess their exposure and prioritize mitigation based on evidence of exploitation. The CVE-2026-35273 vulnerability allows attackers to remotely execute code, emphasizing the need for prompt action to prevent further data breaches. This vulnerability is particularly concerning as it can be exploited without authentication, making it a significant threat to organizations using PeopleSoft Suite1. So what matters to practitioners is that they must urgently review their systems for signs of exploitation and apply Oracle's mitigation to prevent potential data theft.
Oracle mitigates PeopleSoft zero-day exploited in data theft attacks
⚠️ Critical Alert
Why This Matters
CVE-2026-35273 disclosure expands the active attack surface — prioritize based on your exposure and exploitation evidence.
References
- BleepingComputer. (2026, June 11). Oracle mitigates PeopleSoft zero-day exploited in data theft attacks. *BleepingComputer*. https://www.bleepingcomputer.com/news/security/oracle-mitigates-peoplesoft-zero-day-exploited-in-data-theft-attacks/
Original Source
BleepingComputer
Read original →