This vulnerability affects Oracle PeopleSoft Enterprise FIN Maintenance Management version 9.2, allowing a low-privileged attacker with network access over HTTP to compromise the system and gain unauthorized access to critical or all accessible data. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) indicates network attack vector, low attack complexity, low privileges required, no user interaction, unchanged scope, high confidentiality impact, and no impact on integrity or availability. Oracle's April 2026 Critical Patch Update advisory references multiple patches across products but does not explicitly confirm a patch for this specific CVE. Oracle recommends applying Critical Patch Updates without delay to address vulnerabilities.

Successful exploitation can lead to unauthorized access to critical or all accessible data within PeopleSoft Enterprise FIN Maintenance Management 9.2. The confidentiality of sensitive information is at high risk, but there is no direct impact on data integrity or availability. No known exploits are reported in the wild.

Oracle strongly recommends applying the April 2026 Critical Patch Update and any subsequent patches promptly to mitigate this vulnerability. Since the vendor advisory does not explicitly confirm a dedicated patch for CVE-2026-34299, customers should monitor Oracle's security advisories and apply all relevant updates for PeopleSoft Enterprise FIN Maintenance Management 9.2. Maintaining up-to-date software versions and applying Critical Patch Updates without delay is the primary mitigation strategy.