Oracle PeopleSoft Zero-Day Vulnerability Exploitation (CVE-2026-35273)
Introduction Enterprise Resource Planning (ERP) systems store an organization’s most sensitive financial, operational, and personal data, making them prime targets for sophisticated cyber threat actors looking to maximize their leverage. On June 10, 2026, Oracle released an urgent, out-of-band security alert addressing CVE-2026-35273—a critical remote code execution (RCE) vulnerability actively exploited as a zero-day within the Oracle PeopleSoft PeopleTools component. Attributed to the advanced persistent threat group UNC6240 (which has