CISA has added CVE-2026-35273, an authentication bypass flaw in Oracle PeopleSoft Enterprise PeopleTools, to its Known Exploited Vulnerabilities catalog due to active exploitation. The vulnerability allows complete system compromise and is now prioritized for remediation under updated federal directive BOD 26-04. CISA encourages all organizations, not just federal agencies, to adopt risk-based vulnerability management and prioritize patching of KEV catalog entries.

Why it matters in Western Canada: Oracle PeopleSoft is widely deployed in Canadian post-secondary institutions, public sector agencies, and healthcare organizations for human resources and financial management. Organizations in BC, Alberta, Saskatchewan, and Manitoba running PeopleSoft should treat this as a high-priority remediation target given active exploitation.

CVEs: CVE-2026-35273

---

Summary generated from the original advisory. Read the full source: cisa-advisories