CRITICALVulnerability
Verified
Global

NVD CRITICAL: CVE-2026-20253 — In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform...

·Source: NIST NVD

Updated:

Executive Summary

In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.3 and 10.2.2510.14, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls, allowing any network-reachable user to invoke file

Analysis

In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.3 and 10.2.2510.14, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls, allowing any network-reachable user to invoke file operations without credentials. CVSS Score: 9.8. Published: 2026-06-10T18:16:40.760.

Indicators of Compromise (1)

CVE (1)
CVE-2026-20253
NVDMITRE CVE
Source Attribution

Originally published by NIST NVD on Jun 10, 2026. Verified by: NIST.

Related Threats

LOWVulnerability

Chinese hackers hijack auth flow, spy on isolated network for a decade

Chinese hackers took control of a target organization's authentication stack and maintained persistence for 10 years, with full visibility into the administrative activity. [...]

BleepingComputer
CRITICALVulnerability

Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication

Splunk has released security updates to address a critical security flaw in Splunk Enterprise that could be exploited to conduct unauthenticated file operations and even remote code execution. The vulnerability, tracked as CVE-2026-20253, is rated 9.8 on the CVSS scoring system. "In Splunk Enterprise versions below 10.2.4 and 10.0.7, an unauthenticated user could create or truncate arbitrary

CVE-2026-20253
The Hacker News
LOWVulnerability

Weekly Metasploit Update: New Kerberos/Certificate tracing options, and multiple new modules

New Tracing Options As hard as we try to ensure that Metasploit is bug free, issues inevitably come up. Whether you’re running a module on an op or writing a new one, what we can do is make the debugging experience easier. To that end one of our two Google Summer of Code (GSoC) projects is here to deliver. Building on the previous pattern of HttpTrace comes two new options KerberosTicketTrace and

Rapid7