CVE-2026-35273: Oracle PeopleSoft RCE Zero-Day Explained
By
[email protected] (Umut Bayram)
5d agoen
Source
picussecurity.comCVE-2026-35273: Oracle PeopleSoft RCE Zero-Day Explainedpicussecurity.comKey Takeaways CVE-2026-35273 is a critical, unauthenticated remote code execution flaw in Oracle PeopleSoft Enterprise PeopleTools with a 9.8 CVSS score. The root cause is unsafe deserialization of attacker-controlled data sent to the /PSEMHUB/hub endpoint without any authentication. Financially motivated extortion group UNC6240 , known as ShinyHunters , exploited the flaw and heavily targeted the higher education sector. PeopleTools 8.61 and 8.62 are the confirmed affected versions, and the flaw is listed in the CISA KEV catalog. The Picus Platform lets organizations simulate CVE-2026-35273 attacks to test the effectiveness of their security controls. CVE-2026-35273 is a critical, unauthenticated remote code execution vulnerability in Oracle PeopleSoft Enterprise PeopleTools that carries a CVSS score of 9.8.
You might also wanna read
ShinyHunters Exploits Oracle PeopleSoft Zero-Day, Targets Over 100 Higher Education Institutions
Researchers from Mandiant and Google Threat Intelligence Group warn that the ShinyHunters hacking group has exploited an Oracle PeopleSoft z
ShinyHunters exploits Oracle PeopleSoft zero-day, breaches 100+ organizations including University of Nottingham
ShinyHunters, a data theft and extortion group, exploited a critical Oracle PeopleSoft zero-day vulnerability (CVE-2026-35273) to compromise
ShinyHunters actively exploiting critical Oracle PeopleSoft vulnerability; CISA adds to known exploited list
A critical code injection vulnerability in Oracle PeopleSoft PeopleTools was disclosed last Thursday. The criminal cyber gang ShinyHunters i
Oracle E-Business Suite Flaw CVE-2026-46817 Actively Exploited in the Wild
thehackernews.com·8d ago

WAF - WAF Release - 2025-04-22
Cloudflare·1y ago

WAF - WAF Release - 2025-10-06
Cloudflare·9mo ago

Comments
Sign in to join the conversation.
No comments yet. Be the first.