For Part 2 we have another set of bulk vendor disclosures from Splunk (11). We have three additional vendor disclosures from Broadcom and Supermicro (2). There are six vendor updates from Broadcom (2), HP (2), and HPE (2). There is also a researcher report for vulnerabilities in products from OpenCFD. Finally, we have two exploits for products from FortiGuard and Splunk.
Bulk Vendor Disclosures – Splunk
• Third-Party Package Updates in Splunk DB Connect - February 2026,
• Third-Party Package Updates in Splunk Enterprise - February 2026,
• Third-Party Package Updates in Splunk Universal Forwarder - February 2026,
• Sensitive Information Disclosure in "_internal" index in Splunk Enterprise,
• Local Privilege Escalation in Splunk Enterprise for Windows through Python Module Search Path,
• Sensitive Information Disclosure in "_internal" index in Splunk Enterprise,
• Improper Access Control in Splunk Monitoring Console App,
• Local Privilege Escalation (LPE) in Splunk Enterprise for Windows through DLL Search‑Order Hijacking,
• Sensitive Information Disclosure in "_internal" index in Splunk Enterprise,
Advisories
Broadcom Advisory - Broadcom published an advisory that discusses an improper use of invalid use of special elements vulnerability in Brocade ASC-Gateway OVA.
Supermicro Advisory #1 - Supermicro published an advisory that discusses 19 vulnerabilities in multiple Supermicro products.
Supermicro Advisory #2 - Supermicro published an advisory that discusses the end-of-life Microsoft Secure Boot CA 2011 that affects multiple Supermicro products.
Updates
Broadcom Update #1 - Broadcom published an update for their Brocade ASCG advisory that was originally published on January 7th, 2025, and most recently updated on January 27th, 2026.
Broadcom Update #2 - Broadcom published an update for their Brocade SANnav advisory that was originally published on October 14th, 2024, and most recently updated on July 8th, 2025.
HP Update #1 - HP published an update for their NVIDIA GPU Display Driver advisory that was originally published on September 25th, 2025, and most recently updated on December 11th, 2025.
HP Update #2 - HP published an update for their Intel Graphics Software advisory that was originally published on November 11th, 2025.
HPE Update #1 - HPE published an update for their StoreEasy Servers advisory that was originally published on February 11th, 2026.
HPE Update #2 - HPE published an update for their ProLiant AMD DL/XL Servers advisory that was originally published on February 10th, 2026.
Researcher Reports
OpenCFD Report - Cisco Talos published a report that describes a code injection vulnerability in the OpenCFD OpenFOAM simulation file.
Exploits
FortiGuard Exploit - Indoushka published an exploit for an exposure of sensitive information to an unauthorized actor vulnerability in the FortiGuard FortiOS.
Splunk Exploit - Indoushka published an exploit for a code injection vulnerability in the Splunk Enterprise product.