A critical vulnerability, CVE-2026-35273, affecting PeopleSoft RCE has been discovered, presenting an immediate threat to enterprises. This flaw has a CVSS score of 9.8, allowing unauthorized remote attackers to exploit the system without authentication via HTTP. The vulnerability poses risks of complete system takeover, potentially allowing attackers to modify databases and execute arbitrary commands.
Oracle has issued an emergency security alert and recommends that system administrators apply the latest updates for PeopleSoft Enterprise PeopleTools versions 8.61 and 8.62 to mitigate this risk.