Oracle is warning about a critical zero-day in PeopleSoft PeopleTools, tracked as CVE-2026-35273, which allows unauthenticated remote code execution and affects versions 8.61 and 8.62. The flaw has been used in ShinyHunters data theft attacks against more than 100 organizations, with Mandiant confirming active exploitation and Oracle releasing emergency mitigations. #Oracle #PeopleSoft #PeopleSoftPeopleTools #CVE-2026-35273 #ShinyHunters #Mandiant
Keypoints
- CVE-2026-35273 is a critical zero-day in Oracle PeopleSoft PeopleTools.
- The flaw enables unauthenticated remote code execution.
- Oracle says PeopleSoft Enterprise PeopleTools 8.61 and 8.62 are affected.
- ShinyHunters used the vulnerability in data theft attacks against over 100 organizations.
- Mandiant confirmed active exploitation and advised urgent log review and access restrictions.