This vulnerability affects Oracle PeopleSoft Enterprise FIN Project Costing version 9.2, specifically the Projects component. It allows an attacker with low privileges and network access over HTTP to compromise the system, resulting in unauthorized access to sensitive data. The CVSS vector indicates network attack vector, low attack complexity, low privileges required, no user interaction, unchanged scope, and high confidentiality impact without affecting integrity or availability. The vulnerability is categorized under CWE-284 (Improper Access Control). Oracle's April 2026 Critical Patch Update advisory lists many patches but does not explicitly confirm a patch for this vulnerability. No known exploits have been reported.

Successful exploitation can lead to unauthorized access to critical or all accessible data within PeopleSoft Enterprise FIN Project Costing 9.2. The confidentiality of sensitive information is at high risk, but there is no direct impact on data integrity or system availability. This could result in data exposure to unauthorized parties.

Oracle's April 2026 Critical Patch Update advisory does not explicitly confirm a patch for CVE-2026-34306. Patch status is not yet confirmed — check the vendor advisory at https://www.oracle.com/security-alerts/cpuapr2026.html for current remediation guidance. Customers should remain on actively supported versions and apply Oracle Critical Patch Updates promptly when patches for this vulnerability become available. No specific temporary mitigations or workarounds are provided by Oracle at this time.