CVE-2026-34277 affects Oracle PeopleSoft Enterprise PeopleTools versions 8.61-8.62, involving a vulnerability in the Fluid Core component. It permits a high privileged attacker with network access via HTTP to perform unauthorized data modifications (update, insert, delete) and unauthorized read access on some PeopleTools data, as well as cause a partial denial of service. The vulnerability has a CVSS 3.1 score of 6.6 with network attack vector, low attack complexity, high privileges required, no user interaction, and impacts confidentiality, integrity, and availability at a low to partial level. The scope of impact extends beyond PeopleTools to additional Oracle products. Oracle’s April 2026 Critical Patch Update advisory references this vulnerability but does not explicitly confirm a dedicated patch for PeopleTools. The advisory emphasizes the importance of applying Critical Patch Updates promptly to mitigate such vulnerabilities.

An attacker with high privileges and network access via HTTP can exploit this vulnerability to gain unauthorized read and write access to some PeopleSoft Enterprise PeopleTools data and cause a partial denial of service. This can compromise confidentiality, integrity, and availability of the affected system. The vulnerability also has a scope change, meaning it may affect additional Oracle products beyond PeopleTools. The CVSS score of 6.6 reflects a medium severity impact.

Oracle’s April 2026 Critical Patch Update advisory includes this vulnerability among many others and strongly recommends that customers apply Critical Patch Updates without delay. Although the advisory does not explicitly confirm a specific patch for PeopleSoft Enterprise PeopleTools CVE-2026-34277, customers should monitor Oracle’s security alerts and apply all relevant patches as soon as they become available. Maintaining up-to-date patching of Oracle products is the primary mitigation. Patch status is not yet confirmed specifically for this vulnerability; check the vendor advisory for current remediation guidance.