Security Vulnerability in Oracle PeopleSoft Enterprise PeopleTools
CVE-2026-34309

8.1HIGH

Key Information:

Vendor: Oracle
Status: Peoplesoft Enterprise Peopletools
Vendor: CVE Published:; 21 April 2026

What is CVE-2026-34309?

An improper access control vulnerability has been identified in Oracle's PeopleSoft Enterprise PeopleTools, specifically concerning its security component. This weakness allows a low-privileged attacker, with network access via HTTP, to exploit the system. If exploited, an attacker could potentially create, delete, or modify critical data across all accessible instances of PeopleSoft Enterprise PeopleTools. Successful exploitation may result in unauthorized access to sensitive information, impacting both confidentiality and integrity of the data. Organizations using affected versions 8.61 and 8.62 are advised to implement the necessary security patches promptly to mitigate risks.

Affected Version(s)

PeopleSoft Enterprise PeopleTools 8.61 <= 8.62

References

https://www.oracle.com/security-alerts/cpuapr2026.html

vendor-advisory

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 21, 2026
Vulnerability Reserved
Mar 26, 2026

CVE-2026-34309 Data

JSON