Book a meeting

› 04:54:51 BSI CVE-2026-7374 Red Hat OpenShift Virtualization: Schwachstelle ermöglicht Privilegie… · › 13:40:36 CCB CVE-2026-20262 Cisco Issues Security Updates for an Actively Exploited SD-WAN Vulner… · › 11:54:54 BSI CVE-2026-40385 libexif: Mehrere Schwachstellen ermöglichen Denial of Service und Off… · › 11:54:54 BSI CVE-2026-23279 Linux Kernel: Mehrere Schwachstellen · › 11:54:53 BSI CVE-2025-71145 Linux Kernel: Mehrere Schwachstellen · › 11:54:53 BSI CVE-2022-50697 Linux Kernel: Mehrere Schwachstellen · › 11:54:52 BSI CVE-2022-50631 Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service · › 11:54:52 BSI CVE-2024-58087 Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service · › 11:54:51 BSI CVE-2024-53172 Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service · › 11:54:50 BSI CVE-2026-10828 Moxa NPort W2150A: Mehrere Schwachstellen · › 11:49:58 BSI CVE-2026-23234 Linux Kernel: Mehrere Schwachstellen · › 11:49:57 BSI CVE-2026-31535 Linux Kernel: Mehrere Schwachstellen ·

← Back to console

Critical CCB · Belgium CVE-2026-35273

Critical, Actively exploited RCE in Oracle PeopleSoft

Published 12 June 2026 at 14:39

Description

CVE-2026-35273 is a Missing Authentication for Critical Function vulnerability in the Updates Environment Management component of PeopleSoft which is being exploited by threat actors and APTs (ShinyHunters, Cl0p ransomware group) to execute code remotely and take full control of the PeopleSoft Enterprise PeopleTools system. An unauthenticated, remote attacker without any privileges and without any user interaction, can exploit this low-complexity vulnerability to connect to the system via HTTP to compromise the system, read sensitive data, and modify the system configurations.