Oracle has patched a critical vulnerability in PeopleSoft Suite (CVE-2026-35273) enabling unauthenticated remote code execution that is already being actively exploited in targeted data theft campaigns by the ShinyHunter group.