Splunk's Critical Pre-Auth RCE 💥 & a Hidden Flaw in AI Agents 🤖

Two stories worth your attention today: a near-maximum-severity bug in one of the world's most widely used security and monitoring platforms, and a chained set of flaws in the open-source framework powering many of today's AI agents. Both are the kind of issues that can turn trusted tools into open doors for attackers.

A Critical Hole in Splunk Lets Attackers In Without a Password

Splunk is one of the most popular tools businesses use to collect and monitor security logs across their entire network. Researchers just disclosed a critical vulnerability (CVE-2026-20253, rated 9.8 out of 10 in severity) that lets an attacker break into certain Splunk Enterprise deployments remotely, with no login credentials at all. Through a chain of clever steps, an attacker can ultimately run their own code on the system. This matters because Splunk often holds an organization's most sensitive security data - if attackers seize control of it, they can cover their tracks while roaming freely through the rest of the network. If your organization runs Splunk Enterprise (especially on AWS), this is a patch-now situation: vulnerable versions are 10.0.0-10.0.6 and 10.2.0-10.2.3, and updates to 10.0.7 or 10.2.4 fix the issue.

A Popular AI Agent Framework Had a Hidden Backdoor

LangGraph is a widely used open-source framework (over 50 million monthly downloads) that developers use to build AI agents capable of remembering context across conversations. Security researchers found three chained vulnerabilities in the way LangGraph stores that memory, allowing an attacker to sneak in malicious data that tricks the system into running their own code - potentially handing over full control of the server. As businesses race to bolt AI agents onto their products, this is a clear reminder that those agents can become a brand-new entry point for attackers if the underlying frameworks aren't kept up to date. Anyone building on LangGraph should update to the patched versions (langgraph 1.0.10+, langgraph-checkpoint-sqlite 3.0.1+, and langgraph-checkpoint-redis 1.0.2+) right away.
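A version audit for the two patch recommendations above (Splunk Enterprise and LangGraph), added here as an example and not taken from the article or either project. It flags pinned LangGraph packages in `pip freeze` output that sit below the patched releases and maps a Splunk Enterprise version string to its fixed release; the sample input is constructed, and treating every release below a patched LangGraph version as needing the update is an assumption, since the article lists only the fixed versions.

```python
import re

# Patched releases named in the article; lower versions are flagged (assumption).
LANGGRAPH_FIXED = {
    "langgraph": (1, 0, 10),
    "langgraph-checkpoint-sqlite": (3, 0, 1),
    "langgraph-checkpoint-redis": (1, 0, 2),
}
# Splunk Enterprise ranges the article lists as vulnerable (inclusive), with the fix.
SPLUNK_VULNERABLE = [((10, 0, 0), (10, 0, 6), "10.0.7"), ((10, 2, 0), (10, 2, 3), "10.2.4")]
# Constructed sample of `pip freeze` output, not real inventory data.
SAMPLE_FREEZE = "langgraph==1.0.9\nLangGraph_Checkpoint_SQLite==3.0.1\nlanggraph-checkpoint-redis==1.0.1\nrequests==2.32.0\n"


def parse_version(text):
    """Return the leading numeric release as a 3-tuple, or None if unparseable."""
    m = re.match(r"\s*v?(\d+)(?:\.(\d+))?(?:\.(\d+))?", text)
    if not m:
        return None
    return tuple(int(p or 0) for p in m.groups())


def normalize(name):
    """PEP 503 name normalization so 'LangGraph_Checkpoint_SQLite' still matches."""
    return re.sub(r"[-_.]+", "-", name.strip()).lower()


def audit_pip_freeze(freeze_text):
    """Return (package, installed, fixed) for pinned LangGraph packages below the fix."""
    findings = []
    for line in freeze_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "==" not in line:
            continue  # skips blanks, comments, editable and URL installs
        name, _, ver = line.partition("==")
        fixed = LANGGRAPH_FIXED.get(normalize(name))
        installed = parse_version(ver)
        if fixed and installed is not None and installed < fixed:
            findings.append((normalize(name), ver.strip(), ".".join(map(str, fixed))))
    return findings


def splunk_fix_for(version_text):
    """Return the fixed release to move to, or None if outside the listed ranges."""
    v = parse_version(version_text)
    for low, high, fix in SPLUNK_VULNERABLE:
        if v is not None and low <= v <= high:
            return fix
    return None
```

Feed `audit_pip_freeze` the output of `pip freeze` from each environment that runs agents, and `splunk_fix_for` the version string each Splunk Enterprise instance reports.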

Stay ahead of threats with GOCO Security at gocosecurity.com
