Vulnerability in Oracle PeopleSoft Enterprise PeopleTools Fluid Core
CVE-2026-34277

6.6MEDIUM

Key Information:

Vendor: Oracle
Status: Peoplesoft Enterprise Peopletools
Vendor: CVE Published:; 21 April 2026

What is CVE-2026-34277?

A significant vulnerability exists within the Fluid Core component of Oracle's PeopleSoft Enterprise PeopleTools. This weakness enables attackers with high privileges and network access via HTTP to exploit the software, potentially leading to unauthorized modifications or deletion of accessible data. Additionally, there is a risk of unauthorized reading of sensitive data and the ability to induce a partial denial of service, which could disrupt operations. The exploitation of this vulnerability poses a broad threat not only to PeopleSoft Enterprise PeopleTools but also to other integrated systems and products.

Affected Version(s)

PeopleSoft Enterprise PeopleTools 8.61 <= 8.62

References

https://www.oracle.com/security-alerts/cpuapr2026.html

vendor-advisory

CVSS V3.1

Score:

6.6

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 21, 2026
Vulnerability Reserved
Mar 26, 2026

CVE-2026-34277 Data

JSON