ZDI-26-387
CRITICAL 9.3
Published
Jun 24, 2026
Oracle PeopleSoft HttpListeningConnector Server-Side Request Forgery Vulnerability
Oracle
This vulnerability allows remote attackers to initiate arbitrary server-side requests on affected installations of Oracle PeopleSoft. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.3.