Splunk and Palo Alto Networks on Wednesday rolled out patches for multiple vulnerabilities across their product portfolios, including critical and high-severity bugs.
Palo Alto Networks drew attention to a high-severity security flaw in the Cortex XSOAR and Cortex XSIAM platforms that could allow attackers to access and modify restricted resources.
Tracked as CVE-2026-0274, the issue is described as the improper validation of credentials in the CommvaultSecurityIQ integration of the affected products and does not require a special configuration to be triggered.
The company also rolled out patches for eight medium and low-severity security defects in PAN-OS, Prisma Access Agent, Cortex XSOAR, and GlobalProtect App.
Palo Alto Networks says it is not aware of any of these vulnerabilities being exploited in the wild.
On Wednesday, Splunk published a dozen advisories detailing security weaknesses in its products and third-party libraries they use.
The most severe of the bugs is CVE-2026-20253 (CVSS score of 9.8), a critical-severity arbitrary file creation and truncation issue affecting Splunk Enterprise. Unauthenticated attackers can exploit the flaw through a PostgreSQL sidecar service endpoint.
“The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls, allowing any network-reachable user to invoke file operations without credentials,” Splunk explains.
Splunk also released fixes for three high-severity Splunk Enterprise security defects that could lead to remote code execution (RCE), SSRF attacks, and XSS attacks, respectively.
Additionally, the company patched four medium-severity bugs in Splunk Enterprise, and another in Splunk SOAR, warning they could be exploited to exfiltrate sensitive data, reassign saved search ownership to arbitrary users, or inject ANSI escape codes into SOAR application log files.
Splunk also rolled out fixes for roughly three dozen vulnerabilities in third-party software components in Splunk Enterprise and Splunk SOAR.
The company made no mention of any of these vulnerabilities being exploited in the wild.
UPDATE 06.19.2026: Splunk has confirmed that CVE-2026-20253 has been exploited in attacks.
Related: Critical FreeScout Vulnerability Leads to Full Server Compromise
Related: SolarWinds Patches Four Critical Serv-U Vulnerabilities
Related: Hackers Abuse QEMU for Defense Evasion
Related: Several Code Execution Flaws Patched in Veeam Backup & Replication
