HIGH · CVE-2026-35271 · CNA: oracle

CVE-2026-35271: Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft (component: Weblogic)

Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft (component: Weblogic). Supported versions that are affected are 8.61 and 8.62. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools. While the vulnerability is in PeopleSoft Enterprise PT PeopleTools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise PT PeopleTools accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise PT PeopleTools accessible data. CVSS 3.1 Base Score 8.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N).

Metrics

  • CVSS v3.1: 8.7
  • Severity: HIGH
  • Fixed in: none listed
  • Affected Products: 1


HarborGuard Analysis

Synopsis

This is a network-exploitable vulnerability in the WebLogic component of Oracle PeopleSoft Enterprise PT PeopleTools, affecting versions 8.61 and 8.62. An unauthenticated attacker with HTTP access to the server can exploit it without any user interaction, though the attack requires overcoming certain environmental conditions. Successful exploitation gives the attacker full read access to all data the application can reach, as well as the ability to create, modify, or delete critical data, with impact that can extend beyond PeopleTools itself into other connected products. HarborGuard is tracking this advisory and will make a patched-image rebuild available the moment Oracle publishes a fix.

HarborGuard Coverage

Detection

Detection capability for CVE-2026-35271 is available across every HarborGuard environment, with the CVE matched against customer images within minutes of ingestion from Oracle and upstream advisory feeds. Coverage extends to custom-built images that bundle PeopleTools 8.61 or 8.62 components, including images assembled internally by customer teams.

Status: Available

Triage

HarborGuard is capable of scoring this CVE at CVSS 8.7 HIGH and weighting that score against each customer environment's compliance policy to determine urgency. Findings are routed to the appropriate team inbox within each customer organization based on configured ownership rules.

Status: Available

Patch

Because no fix version has been published by Oracle, HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available as soon as an upstream fix is released. In the meantime, customers can apply compensating controls through HarborGuard's network-policy isolation and egress-filtering recommendations surfaced on the finding detail page.

Status: Pending upstream

Exploit Conditions

  • Network reachability: Required

    The attacker must reach the PeopleTools WebLogic HTTP endpoint over the network; no local or physical access is needed, but the service must be exposed.

  • Authentication: Not required

    No credentials or session token of any kind are required; the attacker can initiate the exploit as an anonymous HTTP client.

  • Victim interaction: Not required

    The exploit proceeds entirely without any action from a logged-in user or administrator.

  • Attack complexity: Detail

    The attack is rated High complexity, meaning the attacker must navigate specific environmental conditions, timing constraints, or configuration dependencies before the exploit succeeds reliably.

Blast Radius

  • Reads all data accessible to the PeopleTools application, including stored records, credentials, and session material.
  • Creates, modifies, or deletes critical data rows within PeopleTools-managed datastores.
  • Scope change means a successful attack can pivot to affect other Oracle products or services integrated with the compromised PeopleTools instance.

How HarborGuard Handles This

Available on HarborGuard: because Oracle has not yet published a fix for CVE-2026-35271, HarborGuard monitors the advisory on every ingest cycle and will automatically surface a patched-image rebuild the moment a fix version is released. For environments with auto-remediation enabled, that rebuild will trigger a regression-test run and open a PR against affected workloads without manual intervention. While no patch is available, HarborGuard surfaces compensating-control guidance on the finding detail page, including network-policy isolation to restrict HTTP access to the WebLogic endpoint, egress filtering to limit lateral movement in the event of compromise, and feature-flag or deployment-gate options to block promotion of images carrying the affected PeopleTools versions into production. Customers whose compliance policies require an explicit risk-acceptance record can log that decision directly against the finding.

Affected packages
  • Oracle Corporation / PeopleSoft Enterprise PT PeopleTools
    8.61 · 8.62
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N