Splunk, Zoom Patch Critical Vulnerabilities

Splunk, Zoom Patch Critical Vulnerabilities
Splunk and Zoom released patches this week for multiple critical and high-severity vulnerabilities across their products, including flaws that could lead to credential exposure, file writing outside intended directories, and account takeover. Neither company says the issues have been exploited in the wild, and Splunk’s updates also cover serious bugs in third-party components. #Splunk #Zoom #CVE-2026-20296 #CVE-2026-20297 #CVE-2026-20298 #CVE-2026-53412

Keypoints

  • Splunk patched three product-specific vulnerabilities, including command safeguards bypass and path traversal flaws.
  • Exploitation could expose credentials, data, and stored credential hashes.
  • Splunk Enterprise updates also fix critical and high-severity third-party library issues.
  • Zoom fixed a critical Windows client flaw that could enable account takeover attacks.
  • Zoom also addressed a TOCTOU race condition and two privilege elevation bugs.

Read More: https://www.securityweek.com/splunk-zoom-patch-critical-vulnerabilities/