{
  "title": "Oracle PeopleSoft CVE-2026-35273: KEV SSRF-to-RCE Zero-Day Exploitation",
  "summary": "CISA added actively exploited Oracle PeopleSoft PeopleTools CVE-2026-35273 to KEV on 2026-06-12. Affects PSEMHUB in versions 8.61 and 8.62, allowing unauthenticated remote code execution exploited by ShinyHunters.",
  "date": "2026-06-12",
  "severity": "critical",
  "tags": [
    "oracle",
    "peoplesoft",
    "peopletools",
    "cisa-kev",
    "rce",
    "shinyhunters",
    "zero-day"
  ],
  "sources_count": 3,
  "indicators": {
    "slug": "oracle-peoplesoft-cve-2026-35273-kev",
    "since": "2026-06-12T00:00:00Z",
    "until": "2026-06-12T23:59:59Z",
    "ecosystem": "",
    "cves": [
      "CVE-2026-35273"
    ],
    "cwes": [
      "CWE-306"
    ],
    "advisoryIds": [],
    "products": [
      "PeopleSoft PeopleTools"
    ],
    "packages": [],
    "versions": [],
    "affectedVersions": [
      "8.61",
      "8.62"
    ],
    "fixedVersions": [
      "Apply June 2026 Oracle Security Update"
    ],
    "files": [],
    "paths": [],
    "services": [],
    "domains": [
      "www.oracle.com",
      "www.mandiant.com",
      "www.cisa.gov"
    ],
    "urls": [
      "https://www.oracle.com/security-alerts/",
      "https://www.mandiant.com/resources/blog",
      "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-35273",
      "https:///PSEMHUB/",
      "https:///PSIGW/HttpListeningConnector"
    ],
    "ips": [],
    "hashes": [],
    "processPatterns": [],
    "networkPatterns": [],
    "telemetrySelectors": []
  }
}