Is CVE-2026-35273 in the CISA Known Exploited Vulnerabilities catalog?

CVE-2026-35273 is not currently listed in the CISA KEV catalog.

Vulnerability intelligence

CVE-2026-35273

CVE-2026-35273 scores CVSS 9.8. Unauthenticated RCE via HTTP. Oracle's advisory came 14 days after exploitation began.

2026

What WebPulse reported · 4 analyses

Oracle PeopleSoft Was a Zero-Day for 14 Days. 100+ Organizations Paid the Price.

CVE-2026-35273 scores CVSS 9.8. Unauthenticated RCE via HTTP. Oracle's advisory came 14 days after exploitation began.

June 21, 2026

Record-Breaking June 2026 Patch Tuesday: The Maintenance Burden That Never Ends

Microsoft, Spring, Node.js, and Oracle all shipped critical patches in one week. Organizations running legacy infrastructure face a patching treadmill with no e

June 18, 2026

CISA's New Directive: 3 Days to Patch the Worst Vulnerabilities. Not 30. Not 14. Three.

Binding Operational Directive 26-04 replaces the old 30-day patch window with risk-based timelines. Publicly exposed, auto-exploitable vulnerabilities in the KE

June 16, 2026

ShinyHunters Claims 297 GB From the Council of Europe. Payroll Records for 10,000 Employees. Medical Data. Tax Numbers. Deadline: June 16.

429,000 files allegedly exfiltrated from HR, the Parliamentary Assembly, the Secretariat, and the European Directorate for Quality of Medicines. The Council of

June 15, 2026

View CVE-2026-35273 on the NIST National Vulnerability Database →

Related vulnerabilities

CVE-2026-9082 CVE-2026-8206 CVE-2026-48019 CVE-2026-11645 CVE-2026-8181 CVE-2026-47291 CVE-2026-45657 CVE-2026-3844