Pre-Auth
Splunk Enterprise CVE-2026-20253: An Unauthenticated Postgres Sidecar Hands Over Pre-Auth RCE
CVE-2026-20253 (CVSS 9.8) is a pre-auth RCE in Splunk Enterprise. An unauthenticated Postgres sidecar endpoint gives an arbitrary file write that escalates to code execution — on the box holding all your logs. Full exploit details are public; patch now.
Quest KACE SMA CVE-2025-32975: CVSS 10.0 SSO Auth Bypass Added to CISA KEV as Admin Takeover Campaign Continues
CISA added CVE-2025-32975 — a CVSS 10.0 SSO authentication bypass in Quest KACE Systems Management Appliance — to the KEV catalog on April 20, 2026. Federal agencies must patch by May 4. Exploitation has been in progress since March.
CVE-2026-21643: Pre-Auth SQL Injection in FortiClient EMS 7.4.4 Under Active Exploitation — CISA Deadline Tomorrow
Critical pre-authentication SQL injection in Fortinet FortiClient EMS 7.4.4 is being actively exploited. CISA KEV remediation deadline is April 16, 2026.
Oracle Identity Manager Pre-Auth RCE: CVE-2026-21992 Emergency Patch
Oracle issued an out-of-band emergency fix for CVE-2026-21992, a CVSS 9.8 unauthenticated RCE in Oracle Identity Manager's REST WebServices component affecting versions 12.2.1.4.0 and 14.1.2.1.0.