Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Splunk, Palo Alto Networks Patch Severe Vulnerabilities

The security defects could allow attackers to create or modify arbitrary files and access and modify protected resources.

Ivanti Fortinet Splunk Atlassian vulnerability patches

Splunk and Palo Alto Networks on Wednesday rolled out patches for multiple vulnerabilities across their product portfolios, including critical and high-severity bugs.

Palo Alto Networks drew attention to a high-severity security flaw in the Cortex XSOAR and Cortex XSIAM platforms that could allow attackers to access and modify restricted resources.

Tracked as CVE-2026-0274, the issue is described as the improper validation of credentials in the CommvaultSecurityIQ integration of the affected products and does not require a special configuration to be triggered.

The company also rolled out patches for eight medium and low-severity security defects in PAN-OS, Prisma Access Agent, Cortex XSOAR, and GlobalProtect App.

Palo Alto Networks says it is not aware of any of these vulnerabilities being exploited in the wild.

On Wednesday, Splunk published a dozen advisories detailing security weaknesses in its products and third-party libraries they use.

Advertisement. Scroll to continue reading.

The most severe of the bugs is CVE-2026-20253 (CVSS score of 9.8), a critical-severity arbitrary file creation and truncation issue affecting Splunk Enterprise. Unauthenticated attackers can exploit the flaw through a PostgreSQL sidecar service endpoint.

“The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls, allowing any network-reachable user to invoke file operations without credentials,” Splunk explains.

Splunk also released fixes for three high-severity Splunk Enterprise security defects that could lead to remote code execution (RCE), SSRF attacks, and XSS attacks, respectively.

Additionally, the company patched four medium-severity bugs in Splunk Enterprise, and another in Splunk SOAR, warning they could be exploited to exfiltrate sensitive data, reassign saved search ownership to arbitrary users, or inject ANSI escape codes into SOAR application log files.

Splunk also rolled out fixes for roughly three dozen vulnerabilities in third-party software components in Splunk Enterprise and Splunk SOAR.

The company made no mention of any of these vulnerabilities being exploited in the wild.

UPDATE 06.19.2026: Splunk has confirmed that CVE-2026-20253 has been exploited in attacks.

Related: Critical FreeScout Vulnerability Leads to Full Server Compromise

Related: SolarWinds Patches Four Critical Serv-U Vulnerabilities

Related: Hackers Abuse QEMU for Defense Evasion

Related: Several Code Execution Flaws Patched in Veeam Backup & Replication

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

BlueVoyant has appointed Ravi Subramanian as CFO and Jamie Coleman as CCO.

Solana Foundation has appointed Michael Coates as Chief Information Security Officer.

Michael Sikorski has joined Coinbase as Chief Information Security Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.