CISA added CVE-2026-20253 in Splunk Enterprise to its Known Exploited Vulnerabilities catalog after confirming active exploitation of the missing-authentication flaw, warning that successful exploitation could give attackers access to critical functions and potentially total control of exposed systems. The agency said the vulnerability type is a common intrusion vector and directed Federal Civilian Executive Branch agencies to rapidly remediate affected public-facing assets under Binding Operational Directive 26-04, while also checking whether systems were already compromised before patches were applied.
CISA also warned that multiple Ubiquiti UniFi OS flaws have been added to the KEV catalog, including CVE-2026-34908 for improper access control, CVE-2026-34909 for path traversal, and CVE-2026-34910 for improper input validation that could enable command injection. The agency said at least one of the UniFi flaws is being actively exploited and cautioned that the bugs could be chained to disable security controls, alter network behavior, steal credentials, tamper with traffic, and support lateral movement, prompting urgent patching of internet-exposed management interfaces.

3 events from the most recent confirmed update back to the earliest known activity.
Under Binding Operational Directive 26-04, federal civilian agencies were told to remediate the affected Ubiquiti UniFi OS vulnerabilities by June 26, 2026. The notice emphasized the risk of unauthorized system changes, path traversal, and possible command injection if the flaws are chained.
CISA added multiple Ubiquiti UniFi OS vulnerabilities to its Known Exploited Vulnerabilities Catalog, including CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910, and warned that at least one is being actively exploited in the wild. Affected organizations, especially those with internet-exposed UniFi management interfaces, were urged to prioritize patching.
CISA added CVE-2026-20253, a Splunk Enterprise missing-authentication vulnerability, to its Known Exploited Vulnerabilities Catalog based on evidence of active exploitation. The agency said the flaw poses significant risk and directed federal agencies to prioritize remediation under BOD 26-04.