Vulnerability in PeopleSoft Enterprise HCM Absence Management by Oracle
CVE-2026-34266

6.5MEDIUM

Key Information:

Vendor: Oracle
Status: Peoplesoft Enterprise Hcm Absence Management
Vendor: CVE Published:; 21 April 2026

What is CVE-2026-34266?

A vulnerability exists in the PeopleSoft Enterprise HCM Absence Management component of Oracle PeopleSoft, allowing an attacker with high privileges and network access via HTTP to compromise the system. Exploitation of this vulnerability can lead to unauthorized creation, deletion, or modification of critical data within the application. As a result, sensitive information may be exposed or manipulated, impacting the confidentiality and integrity of the entire PeopleSoft Enterprise HCM Absence Management system.

Affected Version(s)

PeopleSoft Enterprise HCM Absence Management 9.2

References

https://www.oracle.com/security-alerts/cpuapr2026.html

vendor-advisory

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 21, 2026
Vulnerability Reserved
Mar 26, 2026

CVE-2026-34266 Data

JSON