Government Warns About Oracle Business Software Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a new security vulnerability to its official list of exploited vulnerabilities. The problem, called CVE-2026-35273 (an industry tracking number for this software flaw), affects Oracle PeopleSoft Enterprise PeopleTools. CISA added this vulnerability because they have evidence that attackers are actively using it to break into systems. PeopleSoft is business software that companies and government agencies use to manage employee records, payroll, and other administrative tasks. Most families do not use PeopleSoft at home. However, if you work for a large company, university, or government agency, your employer might use this software to handle your payroll, benefits, or personnel information. The vulnerability involves missing authentication, which means attackers could access important functions without proper permission.

If you are a home user, there is nothing you need to do. This is a business software issue. If you work somewhere that uses PeopleSoft, your employer's IT team should be handling the fix. You can take these optional steps:

1. Stay alert for any communications from your employer about security updates or password changes.
2. Monitor your work email for unusual activity.
3. Watch your pay stubs and benefits information for any unexpected changes. Although this vulnerability does not directly affect home computers, it highlights why workplace security matters to families. Your employer holds sensitive information about you, including your social security number, bank account details, and personal contact information. Encourage your workplace to take security seriously. At home, continue practicing good security habits like using strong passwords and watching for suspicious emails, especially those claiming to be from your employer.