ATLASSIAN and Splunk have announced patches for critical vulnerabilities in their products. Splunk addressed a critical issue in its AI Toolkit (CVE-2026-20266) that could allow admin attackers to execute arbitrary OS commands. A medium-severity information disclosure vulnerability (CVE-2026-20265) was also fixed.
Atlassian published updates for 100 security bulletins related to vulnerabilities across multiple products, with several critical-severity issues found in third-party dependencies such as Axios and Apache Tomcat. Users are urged to update their software to mitigate risks.