[Verse 1]
June twenty-third, twenty twenty-six, the alerts are blinking red
Two critical CVEs dropping, patch 'em or you're dead
First up is Splunk Enterprise, missing auth on a critical gate
An unauthenticated user walks right through, no password, no debate
They talk to a PostgreSQL sidecar like they own the place
Create or truncate arbitrary files, leaving zero trace
CVE-2026-20253, that's the designation
No login needed, full file manipulation

[Chorus]
CVE season, patch or bleed
Unauthenticated access, that's all attackers need
Splunk and Joomla, both exposed today
Missing controls letting strangers play
Check your systems, run the update chain
Two fresh vulns pouring down like acid rain
Twenty-twenty-six and the threats don't wait
Lock the function, lock the gate

[Verse 2]
Second hit is Widget Factory, Joomla Content Editor in the scope
Improper access control, and attackers riding that rope
CVE-2026-48907, remember that sequence
An unauthenticated visitor exploits the profile creation experience
They craft a brand new editor profile, the system bows and complies
Then uploads PHP code directly, executes it on the server's drives
Remote code execution through a feature meant for editors
Now the server's taking orders from invisible creditors

[Chorus]
CVE season, patch or bleed
Unauthenticated access, that's all attackers need
Splunk and Joomla, both exposed today
Missing controls letting strangers play
Check your systems, run the update chain
Two fresh vulns pouring down like acid rain
Twenty-twenty-six and the threats don't wait
Lock the function, lock the gate

[Bridge]
Both vulnerabilities share a skeleton key problem
No credential check means the attacker doesn't need to solve them
Authentication is the bouncer at the door
When the bouncer disappears, anyone walks the floor
Splunk exposes file system surgery to the crowd
Joomla lets PHP land on your server like a shroud
File creation, code execution, two different flavors
Both hand unauthorized operators dangerous favors

[Verse 3]
So what do you do when the advisories drop this hot
You pull the vendor patches, you apply every single dot
Segment your Splunk deployment, restrict that sidecar's reach
Keep your Joomla plugins current, don't leave that access in breach
Monitor your file creation logs, watch for unusual writes
Audit your editor profiles, check for overnight invites
These aren't theoretical, the attack surface is real wide
Missing authentication is a welcome mat set outside

[Chorus]
CVE season, patch or bleed
Unauthenticated access, that's all attackers need
Splunk and Joomla, both exposed today
Missing controls letting strangers play
Check your systems, run the update chain
Two fresh vulns pouring down like acid rain
Twenty-twenty-six and the threats don't wait
Lock the function, lock the gate