Authentication Bypass Vulnerability in PeopleSoft Enterprise Application Server by Oracle
CVE-2026-35276

8.1HIGH

Key Information:

Vendor

Oracle

Vendor
CVE Published:
16 June 2026

What is CVE-2026-35276?

A vulnerability exists within the Oracle PeopleSoft Enterprise PT PeopleTools, specifically in the Application Server component, affecting versions 8.61 and 8.62. This vulnerability allows an unauthenticated attacker with network access via HTTP to potentially compromise the system. Without requiring authentication, an adversary could exploit this weakness to gain unauthorized access, risking significant impact on confidentiality, integrity, and availability of the affected system. Just one successful exploit could allow for a complete takeover of the PeopleSoft Enterprise environment.

Affected Version(s)

PeopleSoft Enterprise PT PeopleTools 8.61

PeopleSoft Enterprise PT PeopleTools 8.62

References

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.