Vulnerability in Oracle PeopleSoft Enterprise PeopleTools Affecting Workflow Component
CVE-2026-34307

5.4MEDIUM

Key Information:

Vendor: Oracle
Status: Peoplesoft Enterprise Peopletools
Vendor: CVE Published:; 21 April 2026

What is CVE-2026-34307?

The vulnerability in Oracle's PeopleSoft Enterprise PeopleTools, specifically within the Workflow component, allows attackers with low privileges to exploit the system through HTTP network access. This exploitation requires human interaction from an individual who is not the attacker. While the primary focus is on the PeopleTools application, successful exploitation can have severe repercussions on associated products. Attackers may gain unauthorized access, permitting them to update, insert, or delete critical data within the affected systems, leading to significant confidentiality and integrity concerns for data accessible via PeopleSoft. For further information, refer to the official security advisory.

Affected Version(s)

PeopleSoft Enterprise PeopleTools 8.61 <= 8.62

References

https://www.oracle.com/security-alerts/cpuapr2026.html

vendor-advisory

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 21, 2026
Vulnerability Reserved
Mar 26, 2026

CVE-2026-34307 Data

JSON