ON Wednesday, Splunk and Palo Alto Networks released patches addressing multiple vulnerabilities across their products, including critical and high-severity issues. Palo Alto identified a significant flaw in its Cortex platforms (CVE-2026-0274) that could allow unauthorized access and modification of resources, with additional patches for minor defects in various tools.
Splunk's most severe vulnerability (CVE-2026-20253) was found in Splunk Enterprise, allowing unauthenticated access for file operations via a poorly secured PostgreSQL endpoint. Splunk issued fixes for several high-severity defects associated with remote code execution and vulnerabilities in third-party libraries. Neither company reported any exploitation of these vulnerabilities in the wild.