This vulnerability affects the Deployment Package component of Oracle PeopleSoft Enterprise PT PeopleTools versions 8.61 and 8.62. It permits an unauthenticated attacker with network access over HTTPS to compromise the product, potentially resulting in full takeover. The CVSS 3.1 base score is 8.1, indicating high severity with impacts on confidentiality, integrity, and availability. Oracle's June 2026 Critical Security Patch Update includes patches for this vulnerability, and customers are urged to apply these updates without delay. No detailed exploitation techniques or specific attack vectors beyond network access via HTTPS are provided. The vendor advisory emphasizes the importance of patching and suggests possible risk reduction by blocking required network protocols or limiting privileges until patches are applied.

Successful exploitation can lead to complete takeover of the PeopleSoft Enterprise PT PeopleTools environment, impacting confidentiality, integrity, and availability of the system. The vulnerability is exploitable remotely without authentication but is considered difficult to exploit. No known exploits in the wild have been reported at this time.

Oracle has released patches for this vulnerability as part of the June 2026 Critical Security Patch Update. Customers should apply these patches promptly to remediate the issue. Until patches are applied, risk may be reduced by blocking network protocols required for exploitation or by restricting user privileges related to the vulnerable components, though these measures may affect application functionality. Oracle strongly recommends remaining on actively supported versions and applying security patches without delay.