CVE-2026-34269: Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. in Oracle Corporation PeopleSoft Enterprise PeopleTools
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.61-8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
AI Analysis
Technical Summary
CVE-2026-34269 affects Oracle PeopleSoft Enterprise PeopleTools (Portal component) versions 8.61-8.62. It is an easily exploitable vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise the system, contingent on human interaction from a person other than the attacker. The vulnerability can result in unauthorized read and write (update, insert, delete) access to certain PeopleSoft Enterprise PeopleTools data. The scope of impact may extend beyond PeopleTools to other Oracle products. The CVSS 3.1 vector indicates network attack vector, low attack complexity, no privileges required, user interaction required, scope changed, low confidentiality and integrity impact, and no availability impact. Oracle’s April 2026 Critical Patch Update advisory references this vulnerability but does not explicitly state patch availability or remediation level for it. Customers should consult the advisory for detailed patch information.
Potential Impact
Successful exploitation allows unauthorized read and modification (update, insert, delete) of some PeopleSoft Enterprise PeopleTools accessible data. The vulnerability requires human interaction from a third party and affects confidentiality and integrity of data. The scope of impact extends beyond PeopleTools to additional Oracle products. There is no impact on availability. No known exploits in the wild have been reported as of the advisory date.
Mitigation Recommendations
Oracle’s April 2026 Critical Patch Update advisory includes this vulnerability among many others but does not explicitly confirm patch availability or remediation status for CVE-2026-34269. Customers are strongly advised to review the April 2026 Critical Patch Update advisory at https://www.oracle.com/security-alerts/cpuapr2026.html and apply all relevant patches promptly. Maintaining up-to-date patching on supported versions is critical to mitigate this vulnerability. Until explicit patch information is confirmed, organizations should consider risk mitigation strategies consistent with the vulnerability’s characteristics, including limiting network exposure of PeopleSoft Enterprise PeopleTools and educating users to reduce risk of social engineering that could trigger the required human interaction.
CVE-2026-34269: Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. in Oracle Corporation PeopleSoft Enterprise PeopleTools
Description
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.61-8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-34269 affects Oracle PeopleSoft Enterprise PeopleTools (Portal component) versions 8.61-8.62. It is an easily exploitable vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise the system, contingent on human interaction from a person other than the attacker. The vulnerability can result in unauthorized read and write (update, insert, delete) access to certain PeopleSoft Enterprise PeopleTools data. The scope of impact may extend beyond PeopleTools to other Oracle products. The CVSS 3.1 vector indicates network attack vector, low attack complexity, no privileges required, user interaction required, scope changed, low confidentiality and integrity impact, and no availability impact. Oracle’s April 2026 Critical Patch Update advisory references this vulnerability but does not explicitly state patch availability or remediation level for it. Customers should consult the advisory for detailed patch information.
Potential Impact
Successful exploitation allows unauthorized read and modification (update, insert, delete) of some PeopleSoft Enterprise PeopleTools accessible data. The vulnerability requires human interaction from a third party and affects confidentiality and integrity of data. The scope of impact extends beyond PeopleTools to additional Oracle products. There is no impact on availability. No known exploits in the wild have been reported as of the advisory date.
Mitigation Recommendations
Oracle’s April 2026 Critical Patch Update advisory includes this vulnerability among many others but does not explicitly confirm patch availability or remediation status for CVE-2026-34269. Customers are strongly advised to review the April 2026 Critical Patch Update advisory at https://www.oracle.com/security-alerts/cpuapr2026.html and apply all relevant patches promptly. Maintaining up-to-date patching on supported versions is critical to mitigate this vulnerability. Until explicit patch information is confirmed, organizations should consider risk mitigation strategies consistent with the vulnerability’s characteristics, including limiting network exposure of PeopleSoft Enterprise PeopleTools and educating users to reduce risk of social engineering that could trigger the required human interaction.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- oracle
- Date Reserved
- 2026-03-26T19:48:45.674Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","vendor":"Oracle"}]
Threat ID: 69e7e5a019fe3cd2cdf9f743
Added to database: 4/21/2026, 9:01:20 PM
Last enriched: 4/21/2026, 10:04:08 PM
Last updated: 4/22/2026, 7:16:10 AM
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.