logo

CVE-2026-35273 in Oracle PeopleSoft PeopleTools EMHub Under Active Exploitation

ID: 06999747-0d25-5c2b-9daf-64632d40070d

STIX ID: report--06999747-0d25-5c2b-9daf-64632d40070d

Feed Name: SOCRadar Blog

Threat Score
90/100

Date Published: 2026-06-12

Date Updated: 2026-06-14

Author: Ameer Owda

...
...

Oracle disclosed CVE-2026-35273, a critical unauthenticated RCE (CVSS 9.8) in PeopleSoft PeopleTools EMHub (affecting supported 8.61/8.62 and likely older builds) that is being actively exploited in the wild (reported May 27–June 9, 2026) with activity attributed to ShinyHunters and linked to compromise-plus-extortion. Organizations should treat internet-facing EMHub surfaces as high risk, apply Oracle patches or vendor guidance immediately, restrict or disable EMHub (block /PSEMHUB/* and /PSIGW/HttpListeningConnector paths), and assume compromise if exposed while conducting forensic and containment actions.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.