"Zoom has addressed a critical-severity flaw in Workplace for Windows that could allow unauthenticated, remote attackers to elevate their privileges over the network. The issue impacts the Mail feature of the product and was addressed in Workplace for Windows version 6.6.0 and Workplace VDI Client for Windows versions 6.4.17, 6.5.15, and 6.6.10."
"The most severe of these bugs is CVE-2026-20163 (CVSS score of 8.0), a high-severity flaw that could be exploited by attackers who already have high privileges on a vulnerable deployment to execute arbitrary shell commands through a REST endpoint. This occurs because of insufficient input sanitization when previewing uploaded files before indexing them."
"The security defect was addressed in Splunk Enterprise versions 10.2.0, 10.0.4, 9.4.9, and 9.3.10, which also resolve three medium-severity flaws leading to XSS attacks, credential exposure, and sensitive information disclosure. The updates also include fixes for dozens of CVEs in third-party packages used in Splunk Enterprise, including multiple Golang dependencies."
Zoom patched a critical-severity vulnerability in Workplace for Windows affecting the Mail feature that could allow unauthenticated remote attackers to escalate privileges. Updates were released for Workplace for Windows version 6.6.0 and VDI Client versions 6.4.17, 6.5.15, and 6.6.10. Additionally, Zoom addressed three high-severity flaws in Zoom Clients for Windows exploitable by local attackers for privilege escalation. Splunk released Enterprise updates resolving dozens of issues, including CVE-2026-20163, a high-severity flaw with CVSS score 8.0 allowing privileged attackers to execute arbitrary shell commands through a REST endpoint due to insufficient input sanitization. Splunk Enterprise versions 10.2.0, 10.0.4, 9.4.9, and 9.3.10 address this and three medium-severity flaws. Updates also include fixes for third-party package vulnerabilities and AppDynamics critical-severity flaws.
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]