CVE-2026-34300 affects Oracle PeopleSoft Enterprise FIN Contracts version 9.2. It is an easily exploitable vulnerability that allows an attacker with low privileges and network access via HTTP to compromise the product, resulting in unauthorized access to critical or all accessible data. The CVSS 3.1 vector indicates network attack vector, low attack complexity, low privileges required, no user interaction, unchanged scope, high confidentiality impact, and no impact on integrity or availability. Oracle's April 2026 Critical Patch Update advisory references multiple patches across many products but does not explicitly confirm a patch for this vulnerability. The advisory emphasizes the importance of applying patches promptly to prevent exploitation of known vulnerabilities.

Successful exploitation of this vulnerability can lead to unauthorized access to critical data or complete access to all data accessible through PeopleSoft Enterprise FIN Contracts version 9.2. The impact is limited to confidentiality with no reported impact on integrity or availability. There are no known active exploits in the wild at this time.

Oracle's April 2026 Critical Patch Update advisory recommends applying available security patches promptly. However, the advisory does not explicitly confirm a patch for CVE-2026-34300. Therefore, patch status is not yet confirmed—check the Oracle advisory at https://www.oracle.com/security-alerts/cpuapr2026.html for current remediation guidance. Customers should remain on actively supported versions and apply Critical Patch Updates without delay once patches for this vulnerability are available.