🔥 This vulnerability is being actively exploited in the wild (known ransomware use) (CISA Known Exploited Vulnerabilities catalog)
CVE-2026-35273: Oracle PeopleSoft Enterprise PeopleTools Missing Authentication for Critical Function Vulnerability
Summary
Oracle PeopleSoft Enterprise PeopleTools has a missing authentication vulnerability (a security flaw where certain critical functions don't require a login) that allows attackers without credentials to take over the system. This vulnerability is actively being exploited by attackers in real-world attacks, and it has been used in ransomware (malicious software that locks up data and demands payment) campaigns.
Solution / Mitigation
Apply mitigations according to Oracle vendor instructions and follow CISA's BOD 26-04 guidance for prioritizing security updates based on risk. Check Oracle's security alert at https://www.oracle.com/security-alerts/alert-cve-2026-35273.html for patches. If mitigations are unavailable for cloud services, discontinue use of the product. The due date for patching is 2026-06-15.
Vulnerability Details
EPSS: 0.0%
Yes
🔥 Weaponized
June 11, 2026
Classification
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-35273
First tracked: June 12, 2026 at 08:00 PM
Classified by LLM (prompt v3) · confidence: 95%