HIGHVulnerability
Verified
Global

CISA KEV: Splunk Enterprise — Splunk Enterprise Missing Authentication for Critical Function Vulnerability

·Source: CISA KEV

Updated:

Executive Summary

Splunk Enterprise contains a missing authentication for critical function vulnerability which could allow an unauthenticated user to create or truncate arbitrary files through a PostgreSQL sidecar service endpoint.

Analysis

Splunk Enterprise contains a missing authentication for critical function vulnerability which could allow an unauthenticated user to create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. Added to CISA Known Exploited Vulnerabilities catalog on 2026-06-18. Remediation due: 2026-06-21.

Indicators of Compromise (1)

CVE (1)
CVE-2026-20253
Source Attribution

Originally published by CISA KEV on Jun 18, 2026. Verified by: CISA.

Related Threats