🚨 CRITICAL ALERT: Active Zero-Day Exploits

A critical, network-exploitable vulnerability in Oracle PeopleSoft Enterprise PeopleTools is confirmed at CVSS 9.8 and is listed in the CISA Known Exploited Vulnerabilities catalog, indicating active exploitation risk and urgent remediation requirements. This flaw allows an unauthenticated attacker over HTTP to compromise affected systems and can result in full takeover of PeopleSoft Enterprise PeopleTools. [1][3][7]

Critical Vulnerabilities (CVSS >= 8.0)

  • CVE-2026-35273 (CVSS: 9.8): Vulnerability in Oracle PeopleSoft Enterprise PeopleTools, component Updates Environment Management, affecting supported versions 8.61 and 8.62. Oracle states the issue is remotely exploitable without authentication over HTTP, and successful exploitation may result in remote code execution and full takeover of the platform. This vulnerability is recorded in the CISA KEV catalog.

⚡ Immediate Actions Required

Patch immediately using Oracle’s published security guidance for PeopleSoft PeopleTools 8.61 and 8.62, and treat any exposed PeopleSoft environment as potentially compromised until verified. Oracle recommends immediate action, and third-party advisories note defenders should disable or restrict exposure of the Environment Management Hub and related HTTP endpoints from untrusted networks. [3][7][8]

Block external access to PeopleSoft management interfaces, review web and application logs for suspicious requests to /PSEMHUB/hub and related paths, and look for signs of post-exploitation activity such as unexpected web shells, altered XML files, or unusual outbound traffic. If exploitation is suspected, isolate affected hosts, preserve logs, and begin incident response and credential reset procedures without delay. [8][7]
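One way to run the log review described above, as an added example that is not part of the original advisory or Oracle's guidance: it scans web access logs for requests to /PSEMHUB paths and reports those arriving from outside the management network. The combined log format, the trusted network range, the function names and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict
from urllib.parse import unquote

# Assumption: only this management network should ever reach the hub.
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/24")]
EMHUB_PREFIX = "/psemhub"  # advisory: /PSEMHUB/hub and related paths
# Common/combined log format: ip - user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def normalized_path(target):
    """Drop the query string, decode percent-escapes, collapse slashes, lowercase."""
    path = unquote(target.split("?", 1)[0])
    return re.sub(r"/+", "/", path).lower()

def is_trusted(ip):
    try:
        return any(ipaddress.ip_address(ip) in net for net in TRUSTED_NETS)
    except ValueError:
        return False  # a non-IP value in the client field is never trusted

def find_untrusted_emhub_hits(lines):
    """Return {source_ip: [(timestamp, method, path, status), ...]}."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        path = normalized_path(m["target"])
        # Match the prefix on a path-segment boundary so /PSEMHUBX is ignored.
        if (path == EMHUB_PREFIX or path.startswith(EMHUB_PREFIX + "/")) and not is_trusted(m["ip"]):
            hits[m["ip"]].append((m["ts"], m["method"], path, int(m["status"])))
    return dict(hits)

# Constructed sample log lines (documentation IP ranges, not real incident data).
SAMPLE_LOG = [
    '10.20.0.15 - - [02/Mar/2026:09:14:01 +0000] "GET /PSEMHUB/hub HTTP/1.1" 200 512',
    '203.0.113.45 - - [02/Mar/2026:09:15:10 +0000] "POST /PSEMHUB/hub HTTP/1.1" 200 2048',
    '203.0.113.45 - - [02/Mar/2026:09:15:12 +0000] "GET //psemhub/%68ub?x=1 HTTP/1.1" 404 0',
    '198.51.100.7 - - [02/Mar/2026:09:16:00 +0000] "GET /psp/ps/?cmd=login HTTP/1.1" 200 900',
    '198.51.100.7 - - [02/Mar/2026:09:16:05 +0000] "GET /PSEMHUBX/other HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for ip, events in find_untrusted_emhub_hits(SAMPLE_LOG).items():
        print(ip, events)
```

Any source address this returns is a lead for the incident response steps above, not proof of compromise; a 200 response to an untrusted source also shows the hub is still reachable from that network.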