Splunk, Zoom Patch Critical Vulnerabilities
Splunk and Zoom this week announced patches for multiple vulnerabilities across their products, including several critical and high-severity security defects.
Only three of the five advisories that Splunk published address flaws that are specific to its products, while the other two resolve dozens of bugs in third-party components.
The Splunk-specific issues include CVE-2026-20296 (a high-severity command safeguards bypass), CVE-2026-20297 (a high-severity path traversal), and CVE-2026-20298 (a medium-severity information disclosure).
Successful exploitation of these weaknesses could allow attackers to access credentials and data, write files outside the intended application directory, and view stored credential hashes.
Patches for all three were included in Splunk Enterprise versions 10.4.1, 10.2.5, 10.0.8, and 9.4.13, which also address critical- and high-severity vulnerabilities in Golang, Go compiler, OpenSSL, and other third-party libraries.
Zoom published four advisories that resolve as many vulnerabilities across its clients and tools for Windows.
Advertisement. Scroll to continue reading.
The most severe is...
Copyright of this story solely belongs to securityweek.com. To see the full text click HERE