A critical vulnerability (CVE-2026-50751) has been identified in Check Point VPN, which is currently active and being exploited. Additionally, multiple security flaws have been disclosed in Splunk Enterprise, including CVE-2026-20253 with a severe CVSS score of 9.8, allowing unauthorized file operations without credentials. Another significant vulnerability, CVE-2026-20251 (CVSS 8.8), enables Remote Code Execution (RCE) through unsafe deserialization in the Splunk Secure Gateway application.
Additional issues include CVE-2026-20258 (CVSS 7.1) affecting stored XSS and CVE-2026-20252 (CVSS 7.6) allowing Server-Side Request Forgery (SSRF). Organizations are urged to immediately apply patches or temporary mitigations to secure their systems.