Oracle has issued an urgent advisory on a newly discovered vulnerability in its PeopleSoft software, a widely used enterprise resource planning (ERP) suite. The flaw, identified as CVE-2026-35273, allows unauthorized attackers to execute remote code. This advisory follows reports of targeted attacks by the ShinyHunters hacker group, exploiting the vulnerability.
Details of the PeopleSoft Vulnerability
PeopleSoft is a comprehensive ERP solution that supports numerous business operations such as human resources, finance, and supply chain management. The critical vulnerability affects PeopleTools versions 8.61 and 8.62, potentially impacting users of PeopleSoft Enterprise Applications. Oracle has not yet provided a complete patch but has issued mitigation measures to address immediate risks.
Oracle has not confirmed whether the vulnerability has been actively exploited as a zero-day attack. However, they emphasized the importance of implementing the recommended mitigations to reduce the risk of exposure significantly.
Hacker Group Targeting PeopleSoft
The ShinyHunters hacker group has reportedly targeted over 300 PeopleSoft instances across more than 100 organizations. These cybercriminals are known for exploiting both old and zero-day vulnerabilities to access sensitive data, with the education sector being notably impacted. The University of Nottingham, among others, confirmed a major data breach, underscoring the threat’s seriousness.
ShinyHunters has a history of attacking widely-used enterprise software, previously targeting Salesforce customers in large-scale data theft operations. Security experts, including Mandiant CTO Charles Carmakal, have issued warnings about such zero-day exploitations.
Response and Recommendations
While Oracle’s advisory did not explicitly confirm in-the-wild exploitation, it is common for the company to withhold such details in public advisories. TrendAI researchers, credited with reporting the vulnerability, continue to investigate its exploitation extent. Dustin Childs, from TrendAI’s Zero Day Initiative, noted that while current exploitation is limited, ongoing investigations are crucial.
This development arrives shortly after CISA’s alert regarding another exploited Oracle WebLogic vulnerability. Organizations using PeopleSoft are urged to implement Oracle’s recommended mitigations promptly to protect against potential attacks.
Security experts and affected organizations are closely monitoring the situation, emphasizing the need for vigilance and rapid response strategies to safeguard enterprise systems against emerging cyber threats.
