HomeIntelligenceBrief
VULNERABILITY BRIEF🟠 High Vulnerability

Oracle PeopleSoft ExecuteProcessActivityCommand RCE (CVE‑2026‑35273) Enables Remote Code Execution

A remote code execution vulnerability (CVE‑2026‑35273) in Oracle PeopleSoft allows attackers to bypass authentication and execute arbitrary code via an unvalidated file path. The flaw impacts SOC 2 control mapping and audit evidence, making rapid patching and control documentation essential.

LiveThreat™ Intelligence · 📅 June 25, 2026· 📰 zerodayinitiative.com
🟠
Severity
High
VU
Type
Vulnerability
🎯
Confidence
High
🏢
Affected
1 sector(s)
Actions
3 recommended
📰
Source
zerodayinitiative.com

Oracle PeopleSoft ExecuteProcessActivityCommand RCE (CVE‑2026‑35273) – Remote Code Execution via Unvalidated File Path

What It Is — A critical remote code execution (RCE) flaw in Oracle PeopleSoft’s ExecuteProcessActivityCommand class allows an attacker to run arbitrary code on the application server. The vulnerability stems from insufficient validation of a user‑supplied file path, and the authentication check can be bypassed.

Exploitability — CVSS 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Public proof‑of‑concept exists; Oracle has released a patch, but unpatched installations remain at high risk.

Affected Products — Oracle PeopleSoft (all supported versions that include the vulnerable class).

Why It Matters for Compliance & Audit Readiness

  • Control Mapping: The flaw directly impacts SOC 2 CC6.1 (Change Management) and CC7.1 (System Operations) – you must demonstrate that code changes are reviewed, tested, and approved before deployment.
  • Continuous Evidence: Remediating the issue and capturing patch‑application evidence feeds the continuous‑compliance pipeline, giving auditors a verifiable trail.
  • Due Diligence: Enterprise buyers increasingly require proof that you have a formal process for identifying, prioritizing, and fixing critical vulnerabilities.

Recommended Actions

  • Deploy Oracle’s security update for CVE‑2026‑35273 without delay.
  • Map the vulnerability to the relevant SOC 2 controls (CC6.1, CC7.1) in your compliance framework and record remediation steps as audit evidence.
  • Enhance your change‑management workflow to include automated validation of file‑path inputs and post‑deployment verification.
  • Verify that authentication mechanisms cannot be bypassed by conducting targeted penetration testing.

Source: Zero Day Initiative Advisory ZDI‑26‑389

📰 Original Source
http://www.zerodayinitiative.com/advisories/ZDI-26-389/

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Trust Operations

Every gap like this maps to a control you can evidence.

The Verisq AI Trust Operations platform maps incidents to your control framework and collects the evidence continuously — so your Trust Center shows proof, not promises, when a buyer or auditor asks.

Explore the Verisq AI Trust Operations platform →