Skip to main content
ZDI-26-387 CRITICAL 9.3 Published Jun 24, 2026

Oracle PeopleSoft HttpListeningConnector Server-Side Request Forgery Vulnerability

Oracle

This vulnerability allows remote attackers to initiate arbitrary server-side requests on affected installations of Oracle PeopleSoft. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.3.

Related CVEs

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy