This vulnerability affects Oracle PeopleSoft Enterprise FIN Maintenance Management 9.2, enabling a low privileged attacker with network access over HTTP to compromise the system and access sensitive data. The CVSS vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) indicates network attack vector, low attack complexity, requiring low privileges, no user interaction, unchanged scope, and high confidentiality impact without affecting integrity or availability. The vulnerability is categorized under CWE-284 (Improper Access Control). Oracle's April 2026 Critical Patch Update advisory references multiple patches but does not explicitly confirm a patch for this specific vulnerability. Customers are advised to review the advisory and apply relevant patches promptly.

Successful exploitation of this vulnerability can lead to unauthorized access to critical or all accessible data within PeopleSoft Enterprise FIN Maintenance Management 9.2. The confidentiality of sensitive information is at high risk, but the vulnerability does not impact data integrity or availability. There are no known exploits in the wild currently.

Oracle's April 2026 Critical Patch Update advisory recommends applying the latest security patches promptly. However, the advisory does not explicitly confirm patch availability for CVE-2026-34301. Therefore, patch status is not yet confirmed—customers should consult the Oracle advisory at https://www.oracle.com/security-alerts/cpuapr2026.html for current remediation guidance. Until a patch is confirmed and applied, organizations should limit network access to the affected PeopleSoft component to trusted users only and monitor for unusual access patterns related to the product.