This vulnerability affects Oracle PeopleSoft Enterprise CS Student Records version 9.2, specifically the Research Tracking component. It is exploitable over the network via HTTP by an attacker with low privileges but requires user interaction from a third party. The vulnerability can result in unauthorized access to sensitive data within the PeopleSoft system. The CVSS 3.1 vector indicates network attack vector, low attack complexity, low privileges required, user interaction required, unchanged scope, high confidentiality impact, and no impact on integrity or availability. Oracle's April 2026 Critical Patch Update advisory references multiple patched vulnerabilities but does not explicitly confirm a patch for this specific CVE. Customers should monitor Oracle advisories and apply relevant patches when available.

Successful exploitation of this vulnerability can lead to unauthorized access to critical or all accessible data in PeopleSoft Enterprise CS Student Records. The confidentiality of sensitive student records and related data may be compromised. There is no reported impact on data integrity or system availability. The vulnerability requires user interaction, which may limit exploitation scenarios. No known exploits are reported in the wild at this time.

Oracle's April 2026 Critical Patch Update advisory recommends applying the latest security patches promptly. Although no explicit patch for CVE-2026-35241 is detailed in the advisory, customers should remain on supported versions and apply all relevant Critical Patch Updates without delay. Until a specific patch is confirmed, organizations should follow Oracle's guidance and monitor official advisories for updates. No vendor advisory states that no action is required or that the issue is already mitigated.