Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…

Splunk, Zoom Patch Critical Vulnerabilities

0
Critical
Vulnerability
Published: 07/16/2026 (07/16/2026, 10:54:34 UTC)
Source: SecurityWeek

Description

The flaws could allow attackers to access credentials and data, take over accounts, and escalate their privileges. The post Splunk, Zoom Patch Critical Vulnerabilities appeared first on SecurityWeek .

Affected software

Affected versions
>=9.4.0 <9.4.13>=10.0.0 <10.0.8>=10.2.0 <10.2.5>=10.4.0 <10.4.1

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 07/16/2026, 11:02:44 UTC

Technical Analysis

Splunk released patches for three product-specific vulnerabilities: CVE-2026-20296 (command safeguards bypass, high severity), CVE-2026-20297 (path traversal, high severity), and CVE-2026-20298 (information disclosure, medium severity). These flaws could allow attackers to access credentials and data, write files outside the application directory, and view stored credential hashes. The fixes are included in Splunk Enterprise versions 10.4.1, 10.2.5, 10.0.8, and 9.4.13, which also address critical vulnerabilities in third-party components. Zoom patched four vulnerabilities in its Windows Workplace and Workplace VDI Client, including CVE-2026-53412 with a CVSS score of 9.8, a critical remote unauthenticated account takeover vulnerability, plus three high-severity issues involving a TOCTOU race condition and privilege elevation. Neither vendor reported active exploitation in the wild.

Potential Impact

Successful exploitation of the Splunk vulnerabilities could allow attackers to access sensitive credentials and data, write unauthorized files outside the application directory, and disclose stored credential hashes. The Zoom critical vulnerability could enable remote, unauthenticated attackers to take over user accounts, potentially leading to unauthorized access and privilege escalation. The other high-severity Zoom flaws could allow privilege escalation and exploitation of race conditions. No known active exploitation has been reported.

Mitigation Recommendations

Patches are available and should be applied immediately. Splunk users should upgrade to versions 10.4.1, 10.2.5, 10.0.8, or 9.4.13 to address the vulnerabilities. Zoom users should update their Workplace and Workplace VDI Clients for Windows to the latest patched versions. No mention of active exploitation or additional mitigations was provided by the vendors. Organizations should follow vendor guidance to apply these official fixes promptly.

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Article Source
{"url":"https://www.securityweek.com/splunk-zoom-patch-critical-vulnerabilities/","fetched":true,"fetchedAt":"2026-07-16T11:02:32.685Z","wordCount":914}

Threat ID: 6a58ba4868715ace43e6928f

Added to database: 07/16/2026, 11:02:32 UTC

Last enriched: 07/16/2026, 11:02:44 UTC

Last updated: 07/16/2026, 19:27:23 UTC

Views: 16

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses