CVE-2026-35288

hype MOSTLY HYPE · 22 hack

Repetitive social posts, no PoC, no official metadata, third-party sources, no evidence of exploitation.

What: Privilege escalation vulnerability in Oracle PeopleSoft (CVSS 8.2) requiring high-privileged attacker; scope and impact unclear due to missing official metadata.

Why it matters: Social posts claim CVSS 8.2 and urgency, but NVD metadata is not yet enriched, no EPSS available, not KEV-listed, and no vendor advisory or PoC confirmation found. Posts lack technical detail and reference non-authoritative sources. No signal of in-the-wild exploitation or active patching.

Where it's seen: Two nearly identical Twitter/Bluesky posts amplifying the same claim; both link to third-party summary site rather than Oracle advisory. Appears to be recycled announcement with inflated urgency language.

RISK: MODERATE — Unconfirmed CVSS 8.2 claim in Oracle PeopleSoft; lacks official advisory and KEV listing.

Generated by claude-haiku-4-5 from public posts and authoritative metadata. AI can make mistakes — verify against vendor advisories before acting. 6/17/2026, 9:49:43 AM

No NVD details ingested for this CVE yet.