CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-46849

unknowncovered by 1 sourcefirst seen 2026-06-17
Oracle has fixed vulnerabilities in Oracle PeopleSoft Enterprise PT PeopleTools (versions 8.61 and 8.62) and PeopleSoft Enterprise CS Campus Community and Student Financials (version 9.2.38). The vulnerabilities in Oracle PeopleSoft Enterprise PT PeopleTools versions 8.61 and 8.62 allow unauthenticated attackers with network access via HTTP or HTTPS to bypass authentication controls, enabling them to create, delete, or modify critical data. Some vulnerabilities allow for complete system compromise, including executing arbitrary code and taking over the system. Additionally, attackers with high privileges and infrastructure access can gain full control over the system. The vulnerabilities affect the confidentiality, integrity, and availability of the system. For PeopleSoft Enterprise CS Campus Community and Student Financials version 9.2.38, attackers with low or high privileges and network access via HTTP or HTTPS can also manipulate critical data or take over the system. The vulnerabilities are related to insufficient access control and affect key components of the PeopleSoft environment.

CSIRTS triage

What
Vulnerabilities could allow unauthenticated attackers to bypass authentication and gain control over the system.
Who is affected
Users of Oracle PeopleSoft Enterprise versions 8.61, 8.62, and 9.2.38.
Urgency
Remediation is urgent due to the potential for complete system compromise.
Action
Users should apply the updates provided by Oracle.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch CVE-2026-46849

Get an email if CVE-2026-46849 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (1)

External references

NVD record for CVE-2026-46849

CVE.org record

Embed the live status

CVE-2026-46849 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-46849 status](https://www.csirts.com/badge/CVE-2026-46849)](https://www.csirts.com/cve/CVE-2026-46849)