A critical zero-day vulnerability (CVE-2026-35273) in Oracle's PeopleSoft software has been actively exploited by the ShinyHunters ransomware group, affecting approximately 100 organizations and resulting in significant data theft. The vulnerability, rated 9.8/10 in severity, is a server-side request forgery (SSRF) flaw that allows attackers to make unauthorized requests from compromised servers. The University of Nottingham has confirmed being a victim, with gigabytes of student data stolen, while Oracle has only provided a temporary mitigation without a full patch.
Background
PeopleSoft is an enterprise software suite developed by Oracle that provides business applications for human resources, financial management, and other enterprise functions. Zero-day vulnerabilities are particularly dangerous as they are exploited before the vendor is aware or has a patch available.
- Source: Ars Technica
- Published: Jun 13, 2026 at 03:26 AM
- Score: 9.0 / 10