CVE Details

CVE-2026-35273 Oracle PeopleSoft Enterprise PeopleTools Missing Authentication for Critical Function Vulnerability
  • Published: 2026-06-12
  • CVSS: 9.8 CRITICAL
  • Product: Oracle PeopleSoft Enterprise PeopleTools
  • Due Date: 2026-06-15

Oracle PeopleSoft Enterprise PeopleTools contains a missing authentication for critical function vulnerability that could allow an unauthenticated attacker to take over PeopleSoft Enterprise PeopleTools.

MITRE

CVSS

  • Score: 9.8
  • Severity: CRITICAL
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC

  • Exploitation: active
  • Automatable: yes
  • Technical Impact: total

Raw Data (key path, value)

dataType CVE_RECORD
dataVersion 5.2
cveMetadata > cveId CVE-2026-35273
cveMetadata > assignerOrgId 43595867-4340-4103-b7a2-9a5208d29a85
cveMetadata > state PUBLISHED
cveMetadata > assignerShortName oracle
cveMetadata > dateReserved 2026-04-01T20:03:40.835Z
cveMetadata > datePublished 2026-06-11T02:25:15.375Z
cveMetadata > dateUpdated 2026-06-12T19:58:23.631Z
containers > cna > affected > 0 > product PeopleSoft Enterprise PeopleTools
containers > cna > affected > 0 > vendor Oracle Corporation
containers > cna > affected > 0 > versions > 0 > status affected
containers > cna > affected > 0 > versions > 0 > version 8.61
containers > cna > affected > 0 > versions > 1 > status affected
containers > cna > affected > 0 > versions > 1 > version 8.62
containers > cna > descriptions > 0 > lang en
containers > cna > descriptions > 0 > value Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Management). Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
containers > cna > metrics > 0 > cvssV3_1 > attackComplexity LOW
containers > cna > metrics > 0 > cvssV3_1 > attackVector NETWORK
containers > cna > metrics > 0 > cvssV3_1 > availabilityImpact HIGH
containers > cna > metrics > 0 > cvssV3_1 > baseScore 9.8
containers > cna > metrics > 0 > cvssV3_1 > baseSeverity CRITICAL
containers > cna > metrics > 0 > cvssV3_1 > confidentialityImpact HIGH
containers > cna > metrics > 0 > cvssV3_1 > integrityImpact HIGH
containers > cna > metrics > 0 > cvssV3_1 > privilegesRequired NONE
containers > cna > metrics > 0 > cvssV3_1 > scope UNCHANGED
containers > cna > metrics > 0 > cvssV3_1 > userInteraction NONE
containers > cna > metrics > 0 > cvssV3_1 > vectorString CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
containers > cna > metrics > 0 > cvssV3_1 > version 3.1
containers > cna > problemTypes > 0 > descriptions > 0 > description Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Management). Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
containers > cna > problemTypes > 0 > descriptions > 0 > lang en
containers > cna > problemTypes > 0 > descriptions > 0 > type text
containers > cna > providerMetadata > orgId 43595867-4340-4103-b7a2-9a5208d29a85
containers > cna > providerMetadata > shortName oracle
containers > cna > providerMetadata > dateUpdated 2026-06-11T03:08:03.789Z
containers > cna > references > 0 > name Oracle Advisory
containers > cna > references > 0 > tags > 0 vendor-advisory
containers > cna > references > 0 > url https://www.oracle.com/security-alerts/alert-cve-2026-35273.html
containers > adp > 0 > problemTypes > 0 > descriptions > 0 > type CWE
containers > adp > 0 > problemTypes > 0 > descriptions > 0 > cweId CWE-306
containers > adp > 0 > problemTypes > 0 > descriptions > 0 > lang en
containers > adp > 0 > problemTypes > 0 > descriptions > 0 > description CWE-306 Missing Authentication for Critical Function
containers > adp > 0 > references > 0 > url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-35273
containers > adp > 0 > references > 0 > tags > 0 government-resource
containers > adp > 0 > metrics > 0 > other > type ssvc
containers > adp > 0 > metrics > 0 > other > content > timestamp 2026-06-12T17:47:03.722288Z
containers > adp > 0 > metrics > 0 > other > content > id CVE-2026-35273
containers > adp > 0 > metrics > 0 > other > content > options > 0 > Exploitation active
containers > adp > 0 > metrics > 0 > other > content > options > 1 > Automatable yes
containers > adp > 0 > metrics > 0 > other > content > options > 2 > Technical Impact total
containers > adp > 0 > metrics > 0 > other > content > role CISA Coordinator
containers > adp > 0 > metrics > 0 > other > content > version 2.0.3
containers > adp > 0 > metrics > 1 > other > type kev
containers > adp > 0 > metrics > 1 > other > content > dateAdded 2026-06-12
containers > adp > 0 > metrics > 1 > other > content > reference https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-35273
containers > adp > 0 > title CISA ADP Vulnrichment
containers > adp > 0 > providerMetadata > orgId 134c704f-9b21-4f2e-91b3-4a467353bcc0
containers > adp > 0 > providerMetadata > shortName CISA-ADP
containers > adp > 0 > providerMetadata > dateUpdated 2026-06-12T19:58:23.631Z
containers > adp > 0 > timeline > 0 > time 2026-06-12T00:00:00.000Z
containers > adp > 0 > timeline > 0 > lang en
containers > adp > 0 > timeline > 0 > value CVE-2026-35273 added to CISA KEV