This vulnerability in Oracle PeopleSoft Enterprise PeopleTools (versions 8.61-8.62) involves a security flaw in the product's security component that can be exploited remotely by an attacker with low privileges over HTTP. Successful exploitation can lead to unauthorized creation, deletion, or modification of critical data or full access to all data accessible through PeopleSoft Enterprise PeopleTools. The CVSS 3.1 base score is 8.1, reflecting high confidentiality and integrity impacts with network attack vector, low attack complexity, and no user interaction required. The vulnerability is categorized under CWE-284 (Improper Access Control). Oracle's April 2026 Critical Patch Update advisory references multiple patches but does not explicitly state a patch for this specific vulnerability or provide remediation details for PeopleSoft Enterprise PeopleTools.

Exploitation of this vulnerability can result in unauthorized access to critical data and unauthorized modification or deletion of data within PeopleSoft Enterprise PeopleTools. This compromises the confidentiality and integrity of the affected system's data. There is no impact on availability reported. The vulnerability is exploitable remotely over the network by a low-privileged attacker without user interaction, increasing the risk of compromise if unpatched.

Oracle's April 2026 Critical Patch Update advisory references multiple security patches across Oracle products but does not explicitly confirm a patch or remediation for CVE-2026-34309 in PeopleSoft Enterprise PeopleTools. Patch status is not yet confirmed — check the Oracle advisory at https://www.oracle.com/security-alerts/cpuapr2026.html for the latest remediation guidance. Oracle strongly recommends applying Critical Patch Updates promptly and remaining on actively supported versions. Until a patch is confirmed and applied, restrict network access to PeopleSoft Enterprise PeopleTools instances to trusted users and monitor for suspicious activity related to unauthorized data access or modification.