CVE-2026-21951

🔶 medium

Summary

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Integration Broker). Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significant

Description

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Integration Broker). Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).

CVSS Score

6.1

Medium

EPSS Score

0.0

Exploit Probability

Published Date

2026-01-20

First Seen: 2026-01-28

Last Modified 2026-01-29

Source NVD 🔗

CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE IDs (Weakness Types)

CWE-79

🔗 References 1

https://www.oracle.com/security-alerts/cpujan2026.html

Vendor Advisory

📦 Affected Products 3

Vendor	Product	Status	Affected Versions
oracle	peoplesoft_enterprise_peopletools	Affected	v8.60
oracle	peoplesoft_enterprise_peopletools	Affected	v8.61
oracle	peoplesoft_enterprise_peopletools	Affected	v8.62

🔗 Related CVEs 6

CVE ID	Severity	CVSS	EPSS	Summary	Published
CVE-2026-21934	🔶 medium	5.4	0.0	Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Push Notifications). Su...	2026-01-20
CVE-2026-21938	🔶 medium	6.1	0.0	Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported vers...	2026-01-20
CVE-2025-53048	🔶 medium	5.4	0.0	Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Rich Text Editor). Supp...	2025-10-21
CVE-2025-53050	⚠️ high	7.5	0.1	Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Performance Monitor). S...	2025-10-21
CVE-2025-53055	🔶 medium	6.1	0.0	Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). S...	2025-10-21
CVE-2025-53059	🔶 medium	4.9	0.1	Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: OpenSearch Dashboards). ...	2025-10-21

These CVEs affect the same products