Oracle Issues Mitigation for PeopleSoft Zero-Day CVE-2026-35273

Oracle has released mitigations for CVE-2026-35273, a vulnerability in its PeopleSoft product, according to SecurityWeek. The company has not confirmed whether the flaw is being actively exploited in zero-day attacks.

The severity of the vulnerability remains undisclosed, though reports of exploitation attempts by the ShinyHunters group have raised concerns. No CVSS score or number of affected systems has been provided by Oracle.

CVE-2026-35273 targets an unspecified component within PeopleSoft, an enterprise resource planning suite used by large organizations. The attack vector and technical details of the exploit have not been publicly detailed by Oracle or SecurityWeek.

Oracle has issued mitigations but has not announced a full patch timeline. Organizations running PeopleSoft are advised to apply the mitigations as soon as possible to reduce risk.

The ShinyHunters group, previously linked to data breaches and extortion, has not publicly claimed responsibility for these attacks. The broader threat landscape suggests continued interest in enterprise software vulnerabilities by criminal actors.