Oracle issued an out-of-band advisory for CVE-2026-35273, a critical PeopleSoft vulnerability that could allow unauthenticated remote code execution in PeopleSoft Enterprise PeopleTools 8.61 and 8.62. Reports also link the issue to ShinyHunters activity targeting hundreds of PeopleSoft instances across more than 100 organizations, with organizations such as the University of Nottingham confirming impact. #Oracle #PeopleSoft #CVE-2026-35273 #ShinyHunters #UniversityofNottingham
Keypoints
- Oracle disclosed a critical PeopleSoft flaw, CVE-2026-35273, that may enable remote code execution.
- The issue affects PeopleSoft Enterprise PeopleTools versions 8.61 and 8.62.
- Oracle released mitigations, but no full patch is available yet.
- ShinyHunters reportedly targeted more than 300 PeopleSoft instances at over 100 organizations.
- The education sector was heavily affected, and the University of Nottingham confirmed a significant breach.