Unauthenticated Access Vulnerability in Oracle PeopleSoft Enterprise PT PeopleTools
CVE-2026-35271

8.7HIGH

Key Information:

Vendor

Oracle

Vendor
CVE Published:
16 June 2026

What is CVE-2026-35271?

A vulnerability exists in the PeopleSoft Enterprise PT PeopleTools product of Oracle, specifically within the Weblogic component. This flaw allows unauthenticated attackers with network access via HTTP to exploit the system, potentially leading to unauthorized creation, deletion, or modification of critical data. Although primarily affecting PeopleSoft Enterprise PT PeopleTools, the impact may extend to other integrated products. Successful exploitation can result in comprehensive access to sensitive data, undermining data confidentiality and integrity.

Affected Version(s)

PeopleSoft Enterprise PT PeopleTools 8.61

PeopleSoft Enterprise PT PeopleTools 8.62

References

CVSS V3.1

Score:
8.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.