Will CVE-2026-35273 (PeopleSoft zero-day) be added to CISA KEV by end of June 2026?
[Auto-closed — deadline passed with no qualifying event] Market deadline was 2026-07-01. Today is 2026-07-08 (7 days post-deadline). No credible evidence found in recent intel or public sources that CVE-2026-35273 has been added to CISA KEV or that Oracle has released a patch. The deadline has passed without qualifying evidence of resolution.
Evidence: https://threatodds.com/markets/644ea471-a660-4591-aae4-53bc9db20792Market Overview
AI GENERATEDOracle warned of a critical PeopleSoft Suite zero-day (CVE-2026-35273, CVSS likely 9.0+) allowing unauthenticated remote code execution, with active ShinyHunter data theft attacks documented by Bleeping Computer. This is a rare unpatched RCE in widely-deployed enterprise software.
Primary SourceResolution Criteria
CVE-2026-35273 officially added to CISA Known Exploited Vulnerabilities (KEV) catalog by moderator verification of CISA.gov. Alternative: Oracle releases patch and CISA confirms exploitation before or after patch release date.