logo

Oracle PeopleSoft vulnerability: How to find impacted assets

ID: c49c647c-4b70-54f0-ac3e-7b556656e998

STIX ID: report--c49c647c-4b70-54f0-ac3e-7b556656e998

Feed Name: runZero Blog

Threat Score
85/100

Date Published: 2026-06-12

Date Updated: 2026-06-13

Author: Cale Black

...
...

Oracle disclosed CVE-2026-35273, an SSRF vulnerability in the PeopleSoft Environment Management Hub (EMHub) that can be abused by unauthenticated remote attackers to chain outbound requests, achieve remote code execution, create administrative accounts, and obtain root-level control; affected versions are PeopleSoft 8.61 and 8.62, evidence indicates active exploitation in the wild, and users are urged to update immediately with provided detection guidance (runZero query) to locate impacted assets.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.