
Atlassian, Splunk Patch Critical Vulnerabilities

Splunk patched an OS command injection in AI Toolkit, while Atlassian fixed dozens of flaws in third-party dependencies.


Atlassian and Splunk on Wednesday announced patches for multiple vulnerabilities in their products, including critical-severity flaws.

Splunk resolved a critical issue in AI Toolkit that could allow authenticated attackers with admin roles to execute arbitrary OS commands on the host the Splunk Enterprise instance runs on.

“The vulnerability is possible because of an unsafe shell execution pattern in the btool configuration helper, which constructs OS command strings from dynamic parameters without disabling shell interpretation,” Splunk explains.

Tracked as CVE-2026-20266 (CVSS score of 9.1), the security defect was addressed in Splunk AI Toolkit version 5.7.4. If upgrading is not possible, Splunk recommends uninstalling the AI Toolkit as a mitigation.
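The pattern Splunk's advisory describes, a command string assembled from caller-supplied parameters and handed to a shell, is shown below beside the hardened form. This is an added illustration, not Splunk's or the AI Toolkit's code: the real btool binary is replaced by `echo` so the block runs offline, and the `SAFE_NAME` allowlist for configuration and stanza names is an assumption chosen for the example rather than Splunk's actual naming rules.

```python
import re
import subprocess

# Stand-in for the real btool executable so the example runs offline. The whole
# block is a constructed illustration of the unsafe pattern, not Splunk code.
BTOOL = ["echo", "btool"]


def vulnerable_btool_cmd(conf: str, stanza: str) -> str:
    """Unsafe pattern: one command string built from dynamic parameters."""
    return f"{' '.join(BTOOL)} {conf} list {stanza}"


def run_vulnerable(conf: str, stanza: str) -> str:
    """shell=True hands the string to /bin/sh, so ';', '|', '$(...)' are interpreted."""
    result = subprocess.run(
        vulnerable_btool_cmd(conf, stanza),
        shell=True,
        capture_output=True,
        text=True,
        check=False,
    )
    return result.stdout


# Conservative allowlist for conf/stanza names. This regex is an assumption made
# for the example; real Splunk stanza names allow other characters, so adjust it.
SAFE_NAME = re.compile(r"[A-Za-z0-9_.:-]{1,128}")


def safe_btool_argv(conf: str, stanza: str) -> list[str]:
    """Hardened form: validate inputs, then return an argv list (no shell involved)."""
    for value in (conf, stanza):
        if not SAFE_NAME.fullmatch(value):
            raise ValueError(f"rejected btool parameter: {value!r}")
    return [*BTOOL, conf, "list", stanza]


def run_argv(argv: list[str]) -> str:
    """shell=False: each list element is exactly one argument; metacharacters are inert."""
    result = subprocess.run(argv, shell=False, capture_output=True, text=True, check=False)
    return result.stdout


def run_safe(conf: str, stanza: str) -> str:
    return run_argv(safe_btool_argv(conf, stanza))


if __name__ == "__main__":
    payload = "settings; echo INJECTED"  # constructed malicious stanza parameter
    print("vulnerable:", repr(run_vulnerable("web", payload)))
    # Even without validation, the argv form keeps the payload as one literal argument:
    print("argv only: ", repr(run_argv([*BTOOL, "web", "list", payload])))
    try:
        run_safe("web", payload)
    except ValueError as exc:
        print("hardened:  ", exc)
```

Two layers matter here: dropping `shell=True` removes the interpreter that turns `;` into a second command, and the allowlist rejects the parameter before it reaches any executable, so a future helper that does need a shell still cannot be fed metacharacters.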

The update also addresses CVE-2026-20265, a medium-severity information disclosure bug caused by an insecure default domain allowlist. An attacker holding the admin or power role could cause the AI Toolkit to make outbound HTTP requests to attacker-controlled servers, leading to data exfiltration.
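An outbound-request allowlist only restricts anything if its default is not a wildcard and the host is taken from a properly parsed URL. The block below is an added example of that check, not AI Toolkit's implementation: the `PERMISSIVE_DEFAULT` and `STRICT_ALLOWLIST` sets are constructed for the illustration, and the hostnames in the sample URLs are placeholders.

```python
from urllib.parse import urlsplit

# Constructed allowlists for the example (not AI Toolkit's actual configuration).
PERMISSIVE_DEFAULT = {"*"}                                   # the weak shape: matches every host
STRICT_ALLOWLIST = {"api.example.com", "models.example.com"}  # explicit, bare hostnames


def destination_allowed(url: str, allowlist: set[str]) -> bool:
    """Return True only if the URL's host is explicitly allowlisted.

    urlsplit().hostname is lowercased and has userinfo ('user@') and the port
    stripped, so those cannot be used to smuggle a different host past the check.
    """
    if "*" in allowlist:
        return True                                          # wildcard default: no real control
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False                                         # no file://, gopher://, etc.
    host = parts.hostname
    if not host:
        return False
    return host in allowlist                                 # exact match only, no suffix tricks


def check_allowlist_config(allowlist: set[str]) -> list[str]:
    """Flag allowlist configurations that provide no effective restriction."""
    findings = []
    if not allowlist or "*" in allowlist:
        findings.append("allowlist permits every destination")
    for entry in allowlist:
        if entry != "*" and ("/" in entry or entry != entry.lower()):
            findings.append(f"entry should be a bare lowercase hostname: {entry!r}")
    return findings


if __name__ == "__main__":
    for url in (
        "https://api.example.com/v1/chat",
        "https://api.example.com@attacker.test/v1",       # userinfo trick
        "https://api.example.com.attacker.test/",          # suffix trick
        "file:///etc/passwd",
    ):
        print(f"{url:50} strict={destination_allowed(url, STRICT_ALLOWLIST)} "
              f"permissive={destination_allowed(url, PERMISSIVE_DEFAULT)}")
    print(check_allowlist_config(PERMISSIVE_DEFAULT))
```

Run the config check against whatever allowlist a deployment actually ships with; a default that comes back as "permits every destination" is the shape of the issue described above, since an admin- or power-level user can then point the toolkit's outbound HTTP at any server.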

Atlassian published 100 security bulletins that address dozens of security defects across Bamboo Data Center and Server, Bitbucket Data Center and Server, Confluence Data Center and Server, Crowd Data Center and Server, Fisheye/Crucible, Jira Data Center and Server, and Jira Service Management Data Center and Server.


All the weaknesses resolved with the fresh security updates appear to affect third-party dependencies used in Atlassian’s products.

These include critical-severity issues in Axios (CVE-2026-42043, CVE-2026-40175, and CVE-2026-42264), Apache Tomcat (CVE-2026-41293, CVE-2026-43512, and CVE-2026-43515), and Netty (CVE-2026-42584).

Users are advised to update to a patched version of the affected Atlassian products as soon as possible.

Related: Critical Command Execution Vulnerability Patched in Cisco ISE

Related: F5 Patches Critical, High-Severity NGINX Vulnerabilities

Related: Microsoft Working on Patch for ‘RoguePlanet’ Zero-Day

Related: 3 Recently Patched Fortinet FortiSandbox Vulnerabilities in Hacker Crosshairs

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
