A critical CVE-2026-35273 vulnerability has been identified in Oracle PeopleSoft Enterprise PeopleTools, allowing authenticated endpoints to manipulate central log storage systems. This vulnerability, categorized with a CVSS score of 10, stems from unescaped character handling in the Wazuh 5.0 inventory pipeline. Attackers could execute unauthorized OpenSearch bulk operations with high-privilege credentials, leading to severe impacts such as unauthorized document deletion and forensic evidence destruction.
The flaw affects installations from version 5.0.0-beta1, but older versions (4.x) are unaffected. Wazuh has released version 5.0.0-beta3, which includes fixes for the vulnerability, and network administrators are urged to review the technical disclosures and upgrade to mitigate risks.