Oracle is warning about a critical PeopleSoft Suite zero-day vulnerability tracked as CVE-2026-35273 that allows unauthenticated remote code execution, with the flaw actively exploited in ShinyHunters data theft attacks.
The flaw is within Oracle PeopleSoft PeopleTools and has a CVSS base score of 9.8.
"This Security Alert addresses vulnerability CVE-2026-35273 in Oracle PeopleSoft PeopleTools. Oracle PeopleSoft Enterprise Applications customers may also be affected by this vulnerability," reads a new Oracle advisory.
"This vulnerability is remotely exploitable without authentication. If successfully exploited, this vulnerability may result in remote code execution."
Oracle has confirmed that the zero-day vulnerability affects PeopleSoft Enterprise PeopleTools, versions 8.61 and 8.62, and has released emergency mitigations to address the flaw, with a patch coming soon.
Zero-day exploited in ShinyHunters data theft attacks
While Oracle has not stated that this vulnerability is actively exploited, its disclosure comes after BleepingComputer first reported that the ShinyHunters extortion gang was exploiting a PeopleSoft zero-day vulnerability to breach instances and steal data.
BleepingComputer has since learned that this is the zero-day exploited in the attacks.
Charles Carmakal, CTO at Mandiant - Google Cloud, also confirmed on LinkedIn that CVE-2026-35273 is actively exploited and stated that Oracle released mitigations for the flaw.
On Tuesday, BleepingComputer learned that Oracle PeopleSoft was targeted in a wave of data theft attacks that left ransom notes purportedly from the ShinyHunters extortion gang.