Splunk and Zoom Address Critical Security Flaws in Latest Patches
Splunk and Zoom this week released updates addressing multiple security flaws across their platforms, including critical and high-severity issues.
Splunk’s Security Updates
Splunk’s advisories cover five issues, three of which are specific to its products. These include CVE-2026-20296, a high-severity flaw allowing command execution bypass, CVE-2026-20297, a high-severity path traversal vulnerability, and CVE-2026-20298, a medium-severity information disclosure risk. Exploitation of these flaws could enable unauthorized access to credentials, file system manipulation, and exposure of stored authentication hashes. Patches for these issues are included in Splunk Enterprise versions 10.4.1, 10.2.5, 10.0.8, and 9.4.13, which also address critical and high-severity flaws in Golang, the Go compiler, OpenSSL, and other external libraries.
Zoom’s Security Fixes
Zoom’s updates address four vulnerabilities across its Windows client software. The most severe is CVE-2026-53412, a critical flaw in the Workplace and Workplace VDI Client for Windows with a CVSS score of 9.8. This vulnerability could permit remote, unauthenticated attackers to execute account takeover operations. Additional fixes include a time-of-check-to-time-of-use (TOCTOU) race condition and two privilege escalation issues, both rated high severity.
Broader Security Trends and Recommendations
No evidence of active exploitation has been reported for either vendor’s disclosed vulnerabilities. The updates follow a broader trend of security patches for enterprise software, including recent fixes for NGINX, BIG-IP, and SharePoint vulnerabilities. Organizations are advised to apply the latest releases to mitigate risks associated with these flaws.
