Skip to main content
News Directory 3
  • Business
  • Entertainment
  • Health
  • News
  • Sports
  • Tech
  • World
Menu
  • Business
  • Entertainment
  • Health
  • News
  • Sports
  • Tech
  • World
Oracle Warns of Critical PeopleSoft Vulnerability Exploited by Hackers in Over 100 Organizations - News Directory 3

Oracle Warns of Critical PeopleSoft Vulnerability Exploited by Hackers in Over 100 Organizations

June 12, 2026 Lisa Park Tech
News Context
At a glance
  • Oracle issued a security warning on June 11, 2026, regarding a critical zero-day vulnerability in its PeopleSoft software, tracked as CVE-2026-35273.
  • The vulnerability carries a CVSS score of 9.8, which categorizes the risk as critical.
  • CVE-2026-35273 is a security flaw in Oracle PeopleSoft that enables attackers to execute commands or access data over the internet.
Original source: thenextweb.com

Oracle issued a security warning on June 11, 2026, regarding a critical zero-day vulnerability in its PeopleSoft software, tracked as CVE-2026-35273. According to The Next Web, the flaw allows unauthenticated remote attackers to breach systems, and the hacking group ShinyHunters has already used it to compromise more than 100 organizations.

The vulnerability carries a CVSS score of 9.8, which categorizes the risk as critical. This score reflects the ease of exploitation and the potential for complete system compromise. Oracle has not released a patch for the flaw as of June 11, 2026.

What is the CVE-2026-35273 vulnerability?

CVE-2026-35273 is a security flaw in Oracle PeopleSoft that enables attackers to execute commands or access data over the internet. The most severe aspect of the vulnerability is that it requires no authentication. This means a hacker does not need a valid username, password, or internal network access to exploit the system, according to The Next Web.

What is the CVE-2026-35273 vulnerability?

Because PeopleSoft is an enterprise resource planning (ERP) suite, it typically manages sensitive corporate data. This includes human resources records, payroll information, and financial data. A vulnerability that allows unauthenticated remote access puts this specific data at high risk of exfiltration.

Who is exploiting the PeopleSoft flaw?

The hacking group known as ShinyHunters is responsible for the current wave of attacks. The group has already breached more than 100 organizations using this specific zero-day exploit, according to The Next Web.

[6/11 23:00] Oracle PeopleSoft zero-day, ShinyHunters breach 100+ organizations / Perplexity move…

ShinyHunters has a history of targeting high-profile corporate databases to steal and sell sensitive information on underground forums. The scale of this breach suggests the group automated the discovery of vulnerable PeopleSoft instances across the public internet.

Why is the CVSS score 9.8?

The Common Vulnerability Scoring System (CVSS) uses a scale from 0 to 10 to rank the severity of security holes. A score of 9.8 is nearly the highest possible rating. This specific score is driven by three primary factors:

  • Attack Vector: The flaw is exploitable remotely via the internet.
  • Attack Complexity: The exploit requires low technical effort to execute.
  • Privileges Required: No authentication or special privileges are needed to trigger the vulnerability.

When these factors combine, the vulnerability becomes a high-priority target for threat actors because it provides a low-friction path into an organization’s core business systems.

How are organizations managing the risk without a patch?

Oracle has not yet provided a software update to fix CVE-2026-35273. This leaves PeopleSoft users in a position where they must rely on mitigating controls to prevent breaches until an official patch arrives.

Standard mitigation for unauthenticated remote vulnerabilities usually involves restricting network access. Organizations may use firewalls or Virtual Private Networks (VPNs) to ensure that PeopleSoft instances are not exposed directly to the public internet. By hiding the software behind a secure gateway, companies can block the attack vector used by ShinyHunters.

The lack of an immediate patch increases the window of opportunity for other hacking groups to adopt the same exploit. Security teams are advised to monitor their logs for unusual activity originating from external IP addresses targeting PeopleSoft endpoints.

Share this:

  • Share on Facebook (Opens in new window) Facebook
  • Share on X (Opens in new window) X

Related

Search:

News Directory 3

News Directory 3 catalogs US newspapers, news services, newsstands and digital news outlets across all 50 states. Browse local publishers by city, state, or topic, and follow current headlines linked back to their original sources.

Quick Links

  • Disclaimer
  • Terms and Conditions
  • About Us
  • Advertising Policy
  • Contact Us
  • Cookie Policy
  • Editorial Guidelines
  • Privacy Policy

Browse by State

  • Alabama
  • Alaska
  • Arizona
  • Arkansas
  • California
  • Colorado

© 2026 News Directory 3. All rights reserved.
For contact, advertising, copyright, issues email: office@newsdirectory3.com