HIGHVulnerability
Verified
Global
CISA KEV: Splunk Enterprise — Splunk Enterprise Missing Authentication for Critical Function Vulnerability
·Source: CISA KEV
Updated:
Executive Summary
Splunk Enterprise contains a missing authentication for critical function vulnerability which could allow an unauthenticated user to create or truncate arbitrary files through a PostgreSQL sidecar service endpoint.
Analysis
Splunk Enterprise contains a missing authentication for critical function vulnerability which could allow an unauthenticated user to create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. Added to CISA Known Exploited Vulnerabilities catalog on 2026-06-18. Remediation due: 2026-06-21.