CVE-2026-35273

Oracle PeopleSoft Enterprise PeopleTools Missing Authentication for Critical Function Vulnerability

Added to CISA KEV: 2026-06-12

By FixTheVuln Team Sources: CISA KEV Catalog, NVD
CVSS N/A — UNKNOWN ACTIVE
OWASP: A07 CWE-287

Description

Oracle PeopleSoft Enterprise PeopleTools contains a missing authentication for critical function vulnerability which...

Required Action

Fix: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.

References

Assess Your Risk

Use the CVSS Calculator to evaluate how this vulnerability affects your specific environment. Consider your network exposure, existing mitigations, and asset criticality.

Frequently Asked Questions

What is CVE-2026-35273?

CVE-2026-35273 (Oracle PeopleSoft Enterprise PeopleTools Missing Authentication for Critical Function Vulnerability) is a vulnerability with a CVSS score of N/A (UNKNOWN). Oracle PeopleSoft Enterprise PeopleTools contains a missing authentication for critical function vulnerability which...

How do I fix CVE-2026-35273?

Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.

How severe is CVE-2026-35273?

CVE-2026-35273 has a CVSS score of N/A, classified as UNKNOWN. This vulnerability is in the CISA Known Exploited Vulnerabilities (KEV) catalog, meaning it has been actively exploited in the wild.

Free Security Tools

CVSS Calculator Security+ Practice Quiz Password Strength Checker

FixTheVuln Store

Stay Ahead of Vulnerabilities

Structured study planners for 60+ security certifications. Master vulnerability management with domain trackers and exam strategies.

Shop Security+ Planner

CyberFolio

Vulnerability management on your resume? Prove it.

Build a shareable cybersecurity portfolio that highlights your certifications, projects, and skills — free.

Build Your Portfolio →
← Back to Home ← All CVEs