Unauthorized Access Vulnerability in Oracle PeopleSoft Performance Monitor
CVE-2026-35278

9.8CRITICAL

Key Information:

Vendor

Oracle

Vendor
CVE Published:
16 June 2026

What is CVE-2026-35278?

A significant vulnerability has been identified in Oracle PeopleSoft's Performance Monitor, affecting versions 8.61 and 8.62. This flaw allows an unauthenticated attacker with network access via HTTP to exploit the system easily. If successfully exploited, it can lead to complete takeover of the PeopleSoft Enterprise PT PeopleTools, compromising both the confidentiality and integrity of the system. Organizations using these affected versions should take immediate action to mitigate any potential security risks associated with this vulnerability.

Affected Version(s)

PeopleSoft Enterprise PT PeopleTools 8.61

PeopleSoft Enterprise PT PeopleTools 8.62

References

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.