Oracle Addresses PeopleSoft Vulnerability Amid Reports of Zero-Day Attacks

Oracle on Thursday released an out-of-band advisory addressing a PeopleSoft vulnerability that can be exploited by an unauthenticated attacker for remote code execution.

The security alert comes amid reports that the notorious ShinyHunters hacker group has been targeting organizations that use PeopleSoft.

PeopleSoft is an integrated enterprise resource planning (ERP) software suite widely used by large organizations for managing core business functions, including HR, payroll, finance, supply chain, and campus operations.

The newly disclosed vulnerability is tracked as CVE-2026-35273, and Oracle says it’s a critical issue that affects PeopleSoft Enterprise PeopleTools versions 8.61 and 8.62. PeopleSoft Enterprise Applications users could also be impacted.

It appears that only mitigations have been released by Oracle rather than a full patch.