www.securityweek.com 3/12/2026, 12:39:18 PM

Splunk, Zoom Patch Severe Vulnerabilities

CyberSIXT Evidence Panel
CISA KEV: Not in KEV
Patch: Patch Status Unknown

Splunk and Zoom have issued security updates this week to fix a range of critical- and high-severity vulnerabilities across their products, according to SecurityWeek.

Zoom addressed a critical-severity flaw in Workplace for Windows that could allow unauthenticated, remote attackers to escalate privileges over the network. The flaw affects the Mail feature and is patched in Workplace for Windows version 6.6.0 and Workplace VDI Client for Windows versions 6.4.17, 6.5.15, and 6.6.10. Zoom also rolled out patches for three high-severity defects in certain Zoom Clients for Windows that could be exploited by local attackers to escalate privileges.

Splunk released fresh Splunk Enterprise updates resolving dozens of issues, including five product-specific flaws; the most severe is CVE-2026-20163 (CVSS 8.0), which could let attackers with high privileges execute arbitrary shell commands via a REST endpoint due to insufficient input sanitisation when previewing uploaded files before indexing.

The updates also fix three medium-severity flaws leading to XSS, credential exposure and sensitive information disclosure, plus dozens of CVEs in third-party packages. A fourth medium-severity issue involving Observability Cloud API access token leakage was addressed in versions 10.2.1 and 10.0.4, with Splunk noting no exploitation in the wild.

Article by CyberSIXT