CVE-2026-46979: Easily exploitable vulnerability allows high privileged attacker with network access via HTTPS to compromise PeopleSoft Enterprise CS Campus Community. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise CS Campus Community accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise CS Campus Community accessible data. in O
CVE-2026-46979 is a vulnerability in Oracle PeopleSoft Enterprise CS Campus Community version 9.2.38 affecting the Integration and Interfaces component. It allows a high privileged attacker with network access via HTTPS to compromise the system, potentially leading to unauthorized creation, deletion, or modification of critical data. The vulnerability has a CVSS 3.1 base score of 6.5, indicating a medium severity with high confidentiality and integrity impact but no impact on availability. Oracle has included this vulnerability in its June 2026 Critical Security Patch Update, which contains numerous security fixes across many products including PeopleSoft. Customers are strongly advised to apply the June 2026 patches promptly to mitigate this risk. No specific workaround is detailed beyond general recommendations to restrict privileges and block attack-related network protocols, which may impact functionality.
AI Analysis
Technical Summary
CVE-2026-46979 is a medium severity vulnerability in Oracle PeopleSoft Enterprise CS Campus Community 9.2.38, specifically in the Integration and Interfaces component. It allows a high privileged attacker with network access via HTTPS to gain unauthorized creation, deletion, or modification access to critical data or all accessible data within the product. The CVSS 3.1 vector is AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N, reflecting network attack vector, low attack complexity, high privileges required, no user interaction, unchanged scope, and high confidentiality and integrity impacts without availability impact. Oracle has addressed this vulnerability in its June 2026 Critical Security Patch Update, which includes patches for PeopleSoft products. Oracle strongly recommends applying these patches without delay to prevent exploitation. Until patches are applied, risk reduction may be possible by blocking relevant network protocols and limiting privileges, though these may affect application functionality.
Potential Impact
Successful exploitation allows a high privileged attacker with network access via HTTPS to perform unauthorized creation, deletion, or modification of critical data or all accessible data within PeopleSoft Enterprise CS Campus Community 9.2.38. This results in high confidentiality and integrity impact, potentially compromising sensitive data and system integrity. There is no impact on availability. No known exploits in the wild have been reported at this time.
Mitigation Recommendations
Oracle has released a Critical Security Patch Update in June 2026 that addresses this vulnerability among others. Customers should apply the June 2026 Critical Security Patch Update for Oracle PeopleSoft Enterprise Applications, including PeopleSoft Enterprise CS Campus Community 9.2.38, as soon as possible. Until patches are applied, risk may be reduced by blocking network protocols required by an attack and removing unnecessary privileges from users, though these measures may disrupt application functionality. Oracle strongly recommends staying on actively supported versions and applying security patches promptly.
CVE-2026-46979: Easily exploitable vulnerability allows high privileged attacker with network access via HTTPS to compromise PeopleSoft Enterprise CS Campus Community. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise CS Campus Community accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise CS Campus Community accessible data. in O
Description
CVE-2026-46979 is a vulnerability in Oracle PeopleSoft Enterprise CS Campus Community version 9.2.38 affecting the Integration and Interfaces component. It allows a high privileged attacker with network access via HTTPS to compromise the system, potentially leading to unauthorized creation, deletion, or modification of critical data. The vulnerability has a CVSS 3.1 base score of 6.5, indicating a medium severity with high confidentiality and integrity impact but no impact on availability. Oracle has included this vulnerability in its June 2026 Critical Security Patch Update, which contains numerous security fixes across many products including PeopleSoft. Customers are strongly advised to apply the June 2026 patches promptly to mitigate this risk. No specific workaround is detailed beyond general recommendations to restrict privileges and block attack-related network protocols, which may impact functionality.
CVSS v3.1
Score 6.5medium
Affected software
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-46979 is a medium severity vulnerability in Oracle PeopleSoft Enterprise CS Campus Community 9.2.38, specifically in the Integration and Interfaces component. It allows a high privileged attacker with network access via HTTPS to gain unauthorized creation, deletion, or modification access to critical data or all accessible data within the product. The CVSS 3.1 vector is AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N, reflecting network attack vector, low attack complexity, high privileges required, no user interaction, unchanged scope, and high confidentiality and integrity impacts without availability impact. Oracle has addressed this vulnerability in its June 2026 Critical Security Patch Update, which includes patches for PeopleSoft products. Oracle strongly recommends applying these patches without delay to prevent exploitation. Until patches are applied, risk reduction may be possible by blocking relevant network protocols and limiting privileges, though these may affect application functionality.
Potential Impact
Successful exploitation allows a high privileged attacker with network access via HTTPS to perform unauthorized creation, deletion, or modification of critical data or all accessible data within PeopleSoft Enterprise CS Campus Community 9.2.38. This results in high confidentiality and integrity impact, potentially compromising sensitive data and system integrity. There is no impact on availability. No known exploits in the wild have been reported at this time.
Mitigation Recommendations
Oracle has released a Critical Security Patch Update in June 2026 that addresses this vulnerability among others. Customers should apply the June 2026 Critical Security Patch Update for Oracle PeopleSoft Enterprise Applications, including PeopleSoft Enterprise CS Campus Community 9.2.38, as soon as possible. Until patches are applied, risk may be reduced by blocking network protocols required by an attack and removing unnecessary privileges from users, though these measures may disrupt application functionality. Oracle strongly recommends staying on actively supported versions and applying security patches promptly.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- oracle
- Date Reserved
- 2026-05-18T15:55:10.315Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","vendor":"Oracle"}]
Threat ID: 6a31b6380b89be6888266912
Added to database: 6/16/2026, 8:46:48 PM
Last enriched: 6/16/2026, 9:00:58 PM
Last updated: 6/16/2026, 11:32:51 PM
Views: 8
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.