

Oracle PeopleSoft Enterprise PeopleTools versions 8.61 and 8.62; predominantly universities and government entities.
CVE-2026-35273 (CVSS 9.8) actively exploited; allows unauthenticated remote code execution via HTTP on PeopleSoft instances.
Disclosed and actively exploited from June 11–12, 2026; over 100 organisations impacted across approximately 300 instances.
Unauthenticated HTTP access to the Updates Environment Management Hub component exposed on the public internet.
Management functionality exposed over HTTP without authentication in PeopleSoft’s Environment Management component.
Attackers POST to /PSEMHUB/hub to execute arbitrary code, deploy backdoors, and move laterally to exfiltrate data.
Over 100 organisations and approximately 300 PeopleSoft instances compromised; backdoors deployed and data exfiltrated.
Universities and government entities predominantly affected; sensitive HR, financial, and student data at risk of exfiltration.
Disable or restrict PSEMHUB and HttpListeningConnector endpoints; apply Oracle patches immediately after testing.
Check WebLogic logs for POST requests to PSEMHUB/hub; inspect for unexpected JSP files and modified XML persistence artifacts.
The Hacker News – ShinyHunters exploits Oracle PeopleSoft (June 2026). Oracle Security Alert – CVE-2026-35273. SecurityWeek – Oracle addresses PeopleSoft vulnerability amid zero-day attack reports. CVE: CVE-2026-35273.
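The log check described above (POST requests to PSEMHUB/hub in the WebLogic logs), as an added example that is not part of the original advisory or any vendor tooling. It assumes the access log is in Common Log Format; the sample lines are constructed, and matching is done on the decoded, normalised path so that case changes, percent-encoding and extra slashes do not hide a request.

```python
import re
from collections import defaultdict
from posixpath import normpath
from urllib.parse import unquote

# Assumption: the WebLogic access log is written in Common Log Format.
CLF = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
HUB_PATH = "/psemhub/hub"  # endpoint named in the advisory, lower-cased

def is_hub_post(method, target):
    """True for a POST whose decoded, normalised path is the hub endpoint."""
    if method != "POST":
        return False
    path = unquote(target.split("?", 1)[0])   # drop query string, decode %xx
    path = normpath("/" + path.lstrip("/"))   # collapse //, /./ and /../
    path = path.lower()                       # match regardless of case
    return path == HUB_PATH or path.startswith(HUB_PATH + "/")

def find_hub_posts(lines):
    """Group matching requests by client IP: count, first/last seen, statuses."""
    hits = defaultdict(lambda: {"count": 0, "first": None, "last": None,
                                "statuses": set()})
    for line in lines:
        m = CLF.match(line)
        if not m or not is_hub_post(m["method"], m["target"]):
            continue
        h = hits[m["ip"]]
        h["count"] += 1
        h["first"] = h["first"] or m["ts"]
        h["last"] = m["ts"]
        h["statuses"].add(int(m["status"]))
    return dict(hits)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [11/Jun/2026:02:14:09 +0000] "POST /PSEMHUB/hub HTTP/1.1" 200 512',
    '203.0.113.7 - - [11/Jun/2026:02:14:31 +0000] "POST /psemhub/%68ub?a=1 HTTP/1.1" 200 87',
    '198.51.100.20 - - [11/Jun/2026:03:00:00 +0000] "GET /PSEMHUB/hub HTTP/1.1" 200 40',
    '198.51.100.44 - - [12/Jun/2026:09:41:12 +0000] "POST //PSEMHUB/./hub HTTP/1.1" 500 0',
    '198.51.100.20 - - [12/Jun/2026:10:02:55 +0000] "POST /psp/ps/?cmd=login HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for ip, h in sorted(find_hub_posts(SAMPLE).items()):
        print(ip, h["count"], h["first"], h["last"], sorted(h["statuses"]))
```

Any source address it reports is a starting point for the file-system review the advisory calls for (unexpected JSP files, modified XML persistence artifacts) on the same host and time window.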