CVE-2026-46979
Oracle has fixed vulnerabilities in Oracle PeopleSoft Enterprise PT PeopleTools (versions 8.61 and 8.62) and PeopleSoft Enterprise CS Campus Community and Student Financials (version 9.2.38). The vulnerabilities in Oracle PeopleSoft Enterprise PT PeopleTools versions 8.61 and 8.62 allow unauthenticated attackers with network access via HTTP or HTTPS to bypass authentication controls, enabling them to create, delete, or modify critical data. Some vulnerabilities allow for complete system compromise, including executing arbitrary code and taking over the system. Additionally, attackers with high privileges and infrastructure access can gain full control over the system. The vulnerabilities affect the confidentiality, integrity, and availability of the system. For PeopleSoft Enterprise CS Campus Community and Student Financials version 9.2.38, attackers with low or high privileges and network access via HTTP or HTTPS can also manipulate critical data or take over the system. The vulnerabilities are related to insufficient access control and affect key components of the PeopleSoft environment.
CSIRTS triage
- What
- Vulnerabilities could allow unauthenticated attackers to bypass authentication and gain control over the system.
- Who is affected
- Users of Oracle PeopleSoft Enterprise versions 8.61, 8.62, and 9.2.38.
- Urgency
- Remediation is urgent due to the potential for complete system compromise.
- Action
- Users should apply the updates provided by Oracle.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch CVE-2026-46979
Get an email if CVE-2026-46979 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.
Exploitation outlook
- Low exploitation risk0.29% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 21% of all EPSS-scored CVEs.
Advisory coverage (1)
- unknownNCSC-2026-0204 [1.00] [M/H] Vulnerabilities fixed in Oracle PeopleSoft Enterprisencsc-nl · 2026-06-17
External references
Embed the live status
— this badge updates automatically when the KEV or exploit status changes. How to embed it →
[](https://www.csirts.com/cve/CVE-2026-46979)