This vulnerability in Oracle PeopleSoft Enterprise PT PeopleTools (Performance Monitor component) affects versions 8.61 and 8.62. It allows an unauthenticated attacker with network access via HTTP to compromise the system fully, leading to takeover of the PeopleTools environment. The CVSS 3.1 score of 9.8 reflects critical severity with high impact on confidentiality, integrity, and availability. Oracle's June 2026 Critical Security Patch Update addresses this vulnerability among others. The vendor strongly recommends applying the patch immediately to prevent exploitation. No known exploits in the wild have been reported yet.

Successful exploitation allows an unauthenticated remote attacker to take over the PeopleSoft Enterprise PT PeopleTools environment, impacting confidentiality, integrity, and availability of the system. This could lead to unauthorized access, data compromise, and disruption of services.

Oracle has released a Critical Security Patch Update in June 2026 that includes patches for this vulnerability. Customers should apply the June 2026 Critical Security Patch Update for Oracle PeopleSoft PeopleTools and Oracle PeopleSoft Enterprise Applications without delay. Until patches are applied, risk may be reduced by blocking network protocols required by the attack or removing unnecessary privileges, though these may impact application functionality. Oracle strongly recommends remaining on actively-supported versions and applying security patches promptly.