Unauthorized Data Manipulation in Oracle PeopleSoft Enterprise PeopleTools
CVE-2026-34269

6.1MEDIUM

Key Information:

Vendor: Oracle
Status: Peoplesoft Enterprise Peopletools
Vendor: CVE Published:; 21 April 2026

What is CVE-2026-34269?

A vulnerability exists within Oracle's PeopleSoft Enterprise PeopleTools, specifically in the Portal component, impacting versions 8.61 to 8.62. This flaw allows unauthenticated attackers with HTTP network access to exploit the system, necessitating human interaction from a victim. While primarily affecting PeopleSoft, the ramifications of successful exploitation may extend to other interconnected products. Attackers can achieve unauthorized actions such as updates, insertions, or deletions of accessible data, along with unauthorized reading of certain data segments.

Affected Version(s)

PeopleSoft Enterprise PeopleTools 8.61 <= 8.62

References

https://www.oracle.com/security-alerts/cpuapr2026.html

vendor-advisory

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 21, 2026
Vulnerability Reserved
Mar 26, 2026

CVE-2026-34269 Data

JSON