U.S. CISA adds Oracle PeopleSoft Enterprise PeopleTools flaw to its Known Exploited Vulnerabilities catalog
Publish Date: 2026-06-13 05:21:00
Source Domain: securityaffairs.com
U.S. CISA adds Oracle PeopleSoft Enterprise PeopleTools flaw to its Known Exploited Vulnerabilities catalog
Pierluigi Paganini
June 13, 2026
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Oracle PeopleSoft Enterprise PeopleTools flaw to its Known Exploited Vulnerabilities catalog.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Oracle PeopleSoft Enterprise PeopleTools flaw, tracked as CVE-2026-35273 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog.
Oracle PeopleSoft Enterprise PeopleTools is the underlying technology platform used to build, run, administer, and customize Oracle PeopleSoft applications.
The flaw CVE-2026-35273 is a remote code execution vulnerability in Oracle PeopleSoft’s Environment Management component. No authentication required. No user interaction required. Just network access to the Environment Management Hub endpoint and you can take over the server.
This week, Mandiant and Google’s Threat Intelligence Group published an analysis of an active ShinyHunters campaign on June 11, one day after Oracle finally issued an advisory for the vulnerability being exploited. The gap matters: the activity ran from May 27 to June 9, meaning every organization hit during those two weeks was dealing with a zero-day, a flaw with no available patch and no official vendor warning. Sixty-eight percent of the more than 100 organizations Mandiant notified were universities and colleges, most of them in the United States.
“Mandiant and Google Threat Intelligence Group (GTIG) have identified an active compromise and extortion campaign attributed to UNC6240 (ShinyHunters) targeting Oracle PeopleSoft application infrastructure. The activity was observed between May 27, 2026, and June 9, 2026 and is consistent with the exploitation of CVE-2026-35273, a critical remote code execution vulnerability (CVSS 9.8)…
