Salt is vulnerable to remote code execution (RCE). External authentication for the local_batch client does not accept external_auth credentials. This allows code execution for already-authenticated users, and it is only in effect when salt-api runs as the root user.
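To check the exposure condition stated above (salt-api running as root), the following added example, which is not part of the advisory or of Salt, lists salt-api processes owned by root. It assumes process data in the form printed by `ps -eo user=,pid=,args=` and that salt-api is started either directly or as a script under a Python interpreter; the sample listing is constructed.

```python
import os
import subprocess


def root_salt_api_pids(ps_output):
    """Return PIDs of salt-api processes whose effective user is root.

    Expects lines of "USER PID ARGS..." as printed by
    `ps -eo user=,pid=,args=`.
    """
    pids = []
    for line in ps_output.splitlines():
        fields = line.split(None, 2)
        if len(fields) < 3:
            continue
        user, pid, args = fields
        argv = args.split()
        exe = os.path.basename(argv[0])
        # salt-api is normally a script, so the process shows up as
        # "python3 /usr/bin/salt-api ..."; accept that and a direct launch.
        # Matching only argv[0]/argv[1] avoids hits such as "grep salt-api".
        direct = exe == "salt-api"
        via_python = (exe.startswith("python") and len(argv) > 1
                      and os.path.basename(argv[1]) == "salt-api")
        if (direct or via_python) and user in ("root", "0"):
            pids.append(int(pid))
    return pids


# Constructed sample listing (not real output).
SAMPLE = """\
root      1201 /usr/bin/python3 /usr/bin/salt-api -d
saltapi   1377 /usr/bin/python3 /usr/bin/salt-api
root      1502 /usr/bin/python3 /usr/bin/salt-master
root      1610 grep salt-api
root      1702 vim /etc/salt/master.d/salt-api.conf
"""

if __name__ == "__main__":
    listing = subprocess.run(["ps", "-eo", "user=,pid=,args="],
                             capture_output=True, text=True,
                             check=True).stdout
    found = root_salt_api_pids(listing)
    if found:
        print("salt-api running as root, PIDs:", found)
    else:
        print("no salt-api process running as root")
```

An empty result means the root-only condition in the advisory is not met on that host at the time of the check.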