CVE-2026-34269: Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. in Oracle Corporation PeopleSoft Enterprise PeopleTools
CVE-2026-34269 is a medium severity vulnerability in Oracle PeopleSoft Enterprise PeopleTools versions 8. 61-8. 62. It allows an unauthenticated attacker with network access via HTTP to potentially compromise the product. Exploitation requires human interaction from a user other than the attacker. Successful exploitation can lead to unauthorized read, update, insert, or delete access to certain PeopleSoft Enterprise PeopleTools accessible data. The vulnerability also has a scope change, potentially impacting additional products beyond PeopleTools. The CVSS 3. 1 base score is 6. 1, reflecting confidentiality and integrity impacts but no availability impact.
AI Analysis
Technical Summary
This vulnerability affects Oracle PeopleSoft Enterprise PeopleTools (Portal component) versions 8.61-8.62. It is exploitable remotely over HTTP without authentication but requires user interaction from a third party. The vulnerability allows unauthorized modification (update, insert, delete) and unauthorized reading of some accessible data within PeopleSoft Enterprise PeopleTools. The CVSS vector indicates network attack vector, low attack complexity, no privileges required, user interaction required, scope changed, low confidentiality and integrity impact, and no availability impact. The vulnerability is categorized under CWE-284 (Improper Access Control). Oracle’s April 2026 Critical Patch Update advisory references this vulnerability but does not explicitly state that a patch is available for PeopleSoft Enterprise PeopleTools. Customers are advised to review Oracle advisories and apply patches promptly when available.
Potential Impact
Successful exploitation can result in unauthorized read and modification (update, insert, delete) of some PeopleSoft Enterprise PeopleTools accessible data. The scope change indicates that additional Oracle products beyond PeopleTools may be impacted. The vulnerability does not affect system availability. No known active exploits have been reported. The medium severity rating and CVSS score of 6.1 reflect moderate risk primarily to confidentiality and integrity of data.
Mitigation Recommendations
Patch status is not yet confirmed — check the Oracle advisory at https://www.oracle.com/security-alerts/cpuapr2026.html for current remediation guidance. Oracle strongly recommends applying Critical Patch Updates promptly when patches become available. Until a patch is applied, organizations should consider limiting network exposure of affected PeopleSoft Enterprise PeopleTools versions and exercising caution with user interactions that could trigger exploitation. No vendor advisory states that no action is required or that the issue is already mitigated.
CVE-2026-34269: Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. in Oracle Corporation PeopleSoft Enterprise PeopleTools
Description
CVE-2026-34269 is a medium severity vulnerability in Oracle PeopleSoft Enterprise PeopleTools versions 8. 61-8. 62. It allows an unauthenticated attacker with network access via HTTP to potentially compromise the product. Exploitation requires human interaction from a user other than the attacker. Successful exploitation can lead to unauthorized read, update, insert, or delete access to certain PeopleSoft Enterprise PeopleTools accessible data. The vulnerability also has a scope change, potentially impacting additional products beyond PeopleTools. The CVSS 3. 1 base score is 6. 1, reflecting confidentiality and integrity impacts but no availability impact.
CVSS v3.1
Score 6.1medium
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability affects Oracle PeopleSoft Enterprise PeopleTools (Portal component) versions 8.61-8.62. It is exploitable remotely over HTTP without authentication but requires user interaction from a third party. The vulnerability allows unauthorized modification (update, insert, delete) and unauthorized reading of some accessible data within PeopleSoft Enterprise PeopleTools. The CVSS vector indicates network attack vector, low attack complexity, no privileges required, user interaction required, scope changed, low confidentiality and integrity impact, and no availability impact. The vulnerability is categorized under CWE-284 (Improper Access Control). Oracle’s April 2026 Critical Patch Update advisory references this vulnerability but does not explicitly state that a patch is available for PeopleSoft Enterprise PeopleTools. Customers are advised to review Oracle advisories and apply patches promptly when available.
Potential Impact
Successful exploitation can result in unauthorized read and modification (update, insert, delete) of some PeopleSoft Enterprise PeopleTools accessible data. The scope change indicates that additional Oracle products beyond PeopleTools may be impacted. The vulnerability does not affect system availability. No known active exploits have been reported. The medium severity rating and CVSS score of 6.1 reflect moderate risk primarily to confidentiality and integrity of data.
Mitigation Recommendations
Patch status is not yet confirmed — check the Oracle advisory at https://www.oracle.com/security-alerts/cpuapr2026.html for current remediation guidance. Oracle strongly recommends applying Critical Patch Updates promptly when patches become available. Until a patch is applied, organizations should consider limiting network exposure of affected PeopleSoft Enterprise PeopleTools versions and exercising caution with user interactions that could trigger exploitation. No vendor advisory states that no action is required or that the issue is already mitigated.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- oracle
- Date Reserved
- 2026-03-26T19:48:45.674Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","vendor":"Oracle"}]
Threat ID: 69e7e5a019fe3cd2cdf9f743
Added to database: 4/21/2026, 9:01:20 PM
Last enriched: 4/29/2026, 11:34:07 AM
Last updated: 6/1/2026, 7:29:54 AM
Views: 36
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.