Vulnerability in PeopleSoft Enterprise HCM Human Resources by Oracle
CVE-2026-34280

6.5MEDIUM

Key Information:

Vendor: Oracle
Status: Peoplesoft Enterprise Hcm Human Resources
Vendor: CVE Published:; 21 April 2026

What is CVE-2026-34280?

An improper access control vulnerability exists in Oracle's PeopleSoft Enterprise HCM Human Resources product, specifically within the Job Profile Manager component. This flaw permits high-privileged attackers with network access via HTTP to compromise the system. Successful exploitation could lead to unauthorized creation, deletion, or modification of critical data, as well as full access to all data accessible within the PeopleSoft Enterprise HCM framework. Organizations using the affected version must address this vulnerability swiftly to safeguard sensitive information.

Affected Version(s)

PeopleSoft Enterprise HCM Human Resources 9.2

References

https://www.oracle.com/security-alerts/cpuapr2026.html

vendor-advisory

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 21, 2026
Vulnerability Reserved
Mar 26, 2026

CVE-2026-34280 Data

JSON