Oracle PeopleSoft FIN Maintenance: Low-Privilege HTTP Unauthorized Access (9.2)
CVE-2026-34299 Published on April 21, 2026
Vulnerability in the PeopleSoft Enterprise FIN Maintenance Management product of Oracle PeopleSoft (component: Work Order Management). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Maintenance Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise FIN Maintenance Management accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).
Vulnerability Analysis
CVE-2026-34299 can be exploited with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Weakness Type
What is an Authorization Vulnerability?
The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CVE-2026-34299 has been classified to as an Authorization vulnerability or weakness.
Products Associated with CVE-2026-34299
stack.watch emails you whenever new vulnerabilities are published in Oracle or Oracle Peoplesoft Enterprise Fin Maintenance Management. Just hit a watch button to start following.
