Oracle Fixes PeopleSoft Zero-Day in Active Attacks

Emily Davis · 2026-06-11

Oracle just dropped an urgent security patch for a critical PeopleSoft Suite zero-day vulnerability, tracked as CVE-2026-35273. This flaw lets attackers execute remote code without any authentication, and it's already being exploited in real-world data theft campaigns by a group known as ShinyHunter. If you're running PeopleSoft in your enterprise, this is one of those patches you can't afford to delay. The attackers are actively scanning for vulnerable systems, and once they get in, they can steal sensitive data like employee records, financial information, and more. ### What Makes This Vulnerability So Dangerous? The key issue is that CVE-2026-35273 requires no user interaction or credentials to exploit. Think of it like leaving your front door unlocked in a busy city - anyone can walk right in. For organizations using PeopleSoft for HR, finance, or supply chain management, the risk is enormous. ShinyHunter has been linked to multiple high-profile breaches this year, and they're known for moving fast after a zero-day is disclosed. They often exfiltrate data within hours of gaining access, so time is literally money here. ### Who Should Be Concerned? Any organization running Oracle PeopleSoft Suite versions prior to the latest patch is vulnerable. This includes: - Large enterprises using PeopleSoft for payroll and HR - Government agencies managing employee data - Educational institutions running PeopleSoft Campus Solutions - Any business with PeopleSoft exposed to the internet If you're not sure whether your instance is affected, check your version against Oracle's advisory immediately. The patch is available through Oracle's quarterly critical patch update, but given the active exploitation, you should prioritize this one. ### Steps to Protect Your Systems Here's what you need to do right now: 1. Apply Oracle's security patch for CVE-2026-35273 as soon as possible 2. Check your network logs for any unusual activity, especially from unknown IPs 3. Restrict network access to PeopleSoft servers - only allow trusted IPs 4. Enable multi-factor authentication on all PeopleSoft admin accounts 5. Review user permissions and remove any unnecessary access Remember, patching is just the first step. You also need to monitor for signs of compromise because attackers may have already exploited the vulnerability before the patch was released. ### Why This Matters for Your Business A data breach from a vulnerability like this can cost millions of dollars in remediation, legal fees, and reputational damage. In the United States alone, the average cost of a data breach is over $9 million according to recent studies. For a midsize company, that could be devastating. Beyond the financial hit, there's the loss of customer trust. When sensitive HR data gets stolen, employees and partners lose confidence in your ability to protect them. That kind of damage takes years to repair. ### The Bottom Line Oracle has done its part by releasing the patch. Now it's up to you to deploy it. Don't wait for your next scheduled maintenance window - treat this as an emergency. The attackers certainly are. If you need help assessing your exposure or implementing the fix, reach out to your security team or a trusted partner. Every hour you delay increases the chance that ShinyHunter or another group will find your vulnerable system. Stay safe out there, and keep those systems updated.