CVE-2026-46979: PeopleSoft Campus Community Auth Bypass

CVE-2026-46979 is an authentication bypass vulnerability in Oracle PeopleSoft Enterprise CS Campus Community that allows privileged attackers to access and modify critical data. This article covers technical details, affected versions, and mitigation.

CVE-2026-46979 Overview

CVE-2026-46979 is a vulnerability in the Oracle PeopleSoft Enterprise CS Campus Community product, specifically in the Integration and Interfaces component. The flaw affects version 9.2.38 and allows a high-privileged attacker with network access via HTTPS to compromise the application. Successful exploitation enables unauthorized creation, deletion, or modification of critical data, and unauthorized read access to all data accessible by PeopleSoft Enterprise CS Campus Community. The weakness is categorized under [CWE-284] Improper Access Control.

Critical Impact

Authenticated attackers with high privileges can compromise the confidentiality and integrity of all data accessible to PeopleSoft Enterprise CS Campus Community over the network.

Affected Products

  • Oracle PeopleSoft Enterprise CS Campus Community 9.2.38
  • Component: Integration and Interfaces
  • Vendor: Oracle

Discovery Timeline

  • 2026-06-17 - CVE-2026-46979 published to NVD
  • 2026-06-18 - Last updated in NVD database

Technical Details for CVE-2026-46979

Vulnerability Analysis

The vulnerability resides in the Integration and Interfaces component of Oracle PeopleSoft Enterprise CS Campus Community 9.2.38. This component handles data exchange between PeopleSoft modules and external systems, making it a sensitive surface for access control enforcement. Oracle classifies the issue as easily exploitable for an attacker who already holds high-privileged credentials and network reachability over HTTPS.

The scope of impact covers both confidentiality and integrity. An attacker can read, create, modify, or delete data accessible to the Campus Community application. Availability is not affected. The vulnerability maps to [CWE-284] Improper Access Control, indicating the application fails to correctly restrict authorized operations within its integration interfaces.

The EPSS score is 0.361%, reflecting limited exploitation likelihood at present. No public proof-of-concept code or in-the-wild exploitation has been reported.

Root Cause

The root cause is improper enforcement of access control within the Integration and Interfaces component. The application does not sufficiently validate that an authenticated user with elevated privileges is authorized to perform specific data operations exposed through integration endpoints. This allows trusted privileged accounts to exceed their intended functional boundaries.

Attack Vector

An attacker requires network access to the PeopleSoft application over HTTPS and must already hold high privileges within the system. Once authenticated, the attacker interacts with the vulnerable integration interfaces to perform data operations beyond the access boundaries that should apply. No user interaction is required, and the scope is unchanged: the attack does not cross a privilege boundary.

No verified exploitation code is publicly available. Refer to the Oracle Security Alert for vendor-supplied technical context.

Detection Methods for CVE-2026-46979

Indicators of Compromise

  • Unexpected HTTPS requests from privileged accounts targeting PeopleSoft Integration Broker endpoints or Component Interfaces.
  • Anomalous create, update, or delete operations against Campus Community records performed by administrative or service accounts.
  • Audit log entries showing privileged users accessing data sets outside their normal functional scope.

Detection Strategies

  • Enable and review PeopleSoft application audit logs for unusual activity tied to high-privileged accounts interacting with Integration and Interfaces components.
  • Monitor Integration Broker message traffic for unauthorized service operations or unexpected payload patterns.
  • Correlate authentication events with subsequent data modification events to identify privilege misuse patterns.

Monitoring Recommendations

  • Forward PeopleSoft audit and web server logs to a centralized SIEM for behavior baselining of privileged account activity.
  • Alert on bulk data read or modification operations performed through integration endpoints outside of business hours.
  • Track configuration changes to Integration Broker nodes, service operations, and permission lists.
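
The correlation and alerting ideas listed above (privileged accounts reaching data outside their normal scope, and bulk operations through integration endpoints outside business hours) can be prototyped as follows. This is an added example, not Oracle's or the advisory's own code; the normalized event layout, account names, record names, URL prefix and thresholds are assumptions to be replaced with values from your own environment.

```python
from collections import defaultdict
from datetime import datetime

# Assumptions, not from the advisory: events are already normalized by the SIEM;
# account names, record names, paths and thresholds are hypothetical.
INTEGRATION_PREFIX = "/PSIGW/"   # assumed URL prefix of the integration gateway
BUSINESS_HOURS = range(7, 19)    # 07:00-18:59 local time
BULK_ROWS_PER_HOUR = 500         # after-hours rows per account per clock hour
BASELINE = {                     # record sets each privileged account normally touches
    "svc_sis_sync": {"STUDENT_CONTACT", "ADMISSIONS_APP"},
    "admin_jlee": {"STUDENT_CONTACT"},
}

# Constructed sample events: (timestamp, account, URL path, operation, record, rows)
EVENTS = [
    ("2026-06-20T10:15:00", "svc_sis_sync", "/PSIGW/RESTListeningConnector", "read", "STUDENT_CONTACT", 120),
    ("2026-06-21T02:05:00", "admin_jlee", "/PSIGW/RESTListeningConnector", "read", "STUDENT_CONTACT", 300),
    ("2026-06-21T02:20:00", "admin_jlee", "/PSIGW/RESTListeningConnector", "update", "STUDENT_CONTACT", 350),
    ("2026-06-21T02:40:00", "admin_jlee", "/PSIGW/RESTListeningConnector", "delete", "FIN_AID_AWARD", 10),
    ("2026-06-21T11:00:00", "admin_jlee", "/portal/home", "read", "STUDENT_CONTACT", 5),
]


def detect(events):
    """Return (account, rule, detail) alerts for privileged integration activity."""
    alerts = []
    after_hours_rows = defaultdict(int)
    for ts_raw, user, path, op, record, rows in sorted(events):
        if user not in BASELINE or not path.startswith(INTEGRATION_PREFIX):
            continue  # only privileged accounts on integration endpoints
        ts = datetime.fromisoformat(ts_raw)
        # Rule 1: privileged account touches a record set outside its baseline.
        if record not in BASELINE[user]:
            alerts.append((user, "out_of_scope", f"{op} {record}"))
        # Rule 2: cumulative after-hours volume crosses the threshold (alert once).
        if ts.hour not in BUSINESS_HOURS:
            bucket = (user, ts.strftime("%Y-%m-%dT%H"))
            before = after_hours_rows[bucket]
            after_hours_rows[bucket] = before + rows
            if before < BULK_ROWS_PER_HOUR <= before + rows:
                alerts.append((user, "after_hours_bulk", bucket[1]))
    return alerts


if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

The baseline map is the part that needs real data: build it from a quiet period of audit logs before relying on the out-of-scope rule.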

How to Mitigate CVE-2026-46979

Immediate Actions Required

  • Apply the patches referenced in the Oracle Critical Patch Update for PeopleSoft, June 2026.
  • Inventory PeopleSoft Enterprise CS Campus Community deployments to confirm whether version 9.2.38 is in use.
  • Review and minimize the number of accounts holding high privileges within PeopleSoft.

Patch Information

Oracle addressed CVE-2026-46979 in the advisory published as Oracle Security Alert cspujun2026. Administrators should consult the advisory for the specific patch bundle that resolves this vulnerability in version 9.2.38 and apply it through standard PeopleSoft change management procedures.

Workarounds

  • Restrict network access to the PeopleSoft application tier so that only authorized administrative networks can reach Integration and Interfaces endpoints.
  • Audit privileged role assignments and remove unnecessary access to Campus Community integration permissions until patches are applied.
  • Increase logging verbosity on Integration Broker and Component Interface activity to support faster detection during the patch window.

Refer to the Oracle Security Alert for vendor-provided patch and configuration guidance: https://www.oracle.com/security-alerts/cspujun2026.html

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
