Cyber Centre Daily Advisory Digest — 2026-06-11 (2 advisories)

What Happened

The Canadian Centre for Cyber Security released two security advisories regarding software vulnerabilities. Organizations using Oracle PeopleSoft and GitLab are affected, with the Oracle vulnerability already being actively exploited by attackers. This matters because unpatched systems could be compromised, leading to unauthorized access or data breaches. Administrators should immediately apply the provided security patches from Oracle and GitLab to secure their environments.

Key Takeaways

• Oracle published a security advisory for a critical vulnerability (CVE-2026-35273) affecting PeopleSoft Enterprise PeopleTools versions 8.61 and 8.62.
• Open-source reporting indicates that CVE-2026-35273 is currently being exploited in the wild.
• GitLab released security updates for Community Edition (CE) and Enterprise Edition (EE) to address multiple vulnerabilities in versions prior to 19.0.2, 18.11.5, and 18.10.8.

Affected Systems

• Oracle PeopleSoft Enterprise PeopleTools versions 8.61 and 8.62
• GitLab Community Edition (CE) versions prior to 19.0.2, 18.11.5, and 18.10.8
• GitLab Enterprise Edition (EE) versions prior to 19.0.2, 18.11.5, and 18.10.8

Vulnerabilities (CVEs)

• CVE-2026-35273

Attack Chain

The provided text is a high-level security advisory digest and does not detail the specific attack chain, tools, or exfiltration techniques used by threat actors exploiting these vulnerabilities.

Detection Availability

• YARA Rules: No
• Sigma Rules: No
• Snort/Suricata Rules: No
• KQL Queries: No
• Splunk SPL Queries: No
• EQL Queries: No
• Other Detection Logic: No

No detection rules or queries are provided in the advisory.

Detection Engineering Assessment

EDR Visibility: Low — The advisory only mentions vulnerabilities in web applications (PeopleSoft, GitLab) without detailing the post-exploitation payloads or processes. Network Visibility: Medium — Exploitation of web-facing applications like GitLab and PeopleSoft typically generates anomalous HTTP/HTTPS traffic, though specific signatures are not provided. Detection Difficulty: Hard — Without specific IOCs or details on the exploit mechanics for CVE-2026-35273, detection relies on generic web exploitation heuristics.

Required Log Sources

• Web Application Firewall (WAF) logs
• Web server access logs
• Application audit logs

Hunting Hypotheses

Control Gaps

• Lack of specific WAF rules for CVE-2026-35273
• Unpatched public-facing infrastructure

Key Behavioral Indicators

• Unexpected child processes from web application services
• Anomalous web traffic patterns targeting PeopleSoft or GitLab endpoints

False Positive Assessment

• Low

Recommendations

Immediate Mitigation

• Verify against your organization's incident response runbook and team escalation paths before acting.
• Identify and inventory all instances of Oracle PeopleSoft Enterprise PeopleTools (8.61/8.62) and GitLab CE/EE in your environment.
• Apply the latest security patches provided by Oracle for CVE-2026-35273 immediately, prioritizing internet-facing systems.
• Update GitLab CE and EE to versions 19.0.2, 18.11.5, or 18.10.8 as applicable.

Infrastructure Hardening

• Evaluate whether public-facing Oracle PeopleSoft and GitLab instances can be placed behind a Web Application Firewall (WAF) or VPN.
• Consider restricting access to administrative interfaces to trusted internal IP ranges only.

User Protection

• If applicable, ensure multi-factor authentication (MFA) is enforced for all users accessing GitLab and PeopleSoft environments.

Security Awareness

• Ensure system administrators are subscribed to vendor security mailing lists (Oracle, GitLab) for timely patch notifications.

MITRE ATT&CK Mapping

• T1190 - Exploit Public-Facing Application