Oracle Warns of Critical PeopleSoft Security Vulnerability

Oracle has identified a critical security vulnerability in its PeopleSoft Suite, classified as CVE-2026-35273. This flaw allows attackers to execute unauthorized remote code without requiring authentication. The discovery of this vulnerability comes amid reports of active attacks attributed to the ShinyHunter group. The vulnerability affects multiple versions of the PeopleSoft Suite and could potentially have widespread implications for businesses using this software. Oracle has already taken steps to mitigate the security vulnerability and recommends that its customers promptly install the latest security updates.

The exact number of affected systems is currently unknown. ShinyHunter is known for its data theft operations, where sensitive information from companies is stolen. The group has previously employed various techniques to infiltrate corporate networks. The current exploitation of the PeopleSoft security vulnerability demonstrates that attackers continue to seek new ways to breach systems. Oracle has classified the vulnerability as critical, indicating that it poses a high risk to the confidentiality, integrity, and availability of data.

Companies using PeopleSoft are urged to promptly review their systems and ensure that all necessary security measures are in place. Oracle has emphasized in its statement that the vulnerability is not merely theoretical but is actively being exploited. Security researchers have noted that attacks have increased in recent weeks, underscoring the urgency of the situation. The exact method used by attackers to exploit the vulnerability is currently under investigation. The security community has already responded to the discovery, warning companies using PeopleSoft of the potential risks.

Experts recommend that companies review their security protocols and ensure they are informed about the latest threats. Implementing Intrusion Detection Systems (IDS) could also be beneficial for early detection of suspicious activities. Oracle has announced that further information on addressing the vulnerability will be provided in the coming days. The security updates are expected to be released in a patch specifically aimed at addressing this critical flaw. Companies should ensure they are informed of the latest information from Oracle to protect their systems.

The discovery of this security vulnerability comes at a time when cyberattacks on businesses worldwide are increasing. According to the Cybersecurity Report 2026, there was a 30% rise in reported security incidents last year. The need to quickly identify and remediate vulnerabilities is becoming increasingly urgent. The CVE-2026-35273 vulnerability is another example of the challenges companies face in today’s digital landscape. The ability of attackers to exploit vulnerabilities necessitates a proactive approach to cybersecurity.

Companies should not only wait for security updates but also continuously adapt and improve their security strategies. Oracle has urged customers to track all relevant information regarding this security vulnerability and ensure their systems are up to date. The security updates are expected to be available within the next week to protect affected systems. The vulnerability was publicly disclosed by Oracle on June 14, 2026, and initial reports of exploitation have already been received.