CVE-2026-20253

CRITICAL

In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.3 and 10.2.2510.14, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint.<br><br>The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls, allowing any network-reachable user to invoke file operations without credentials.

CVSS v3.1 Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Complexity

LOW

Privileges

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Published: 6/10/2026Modified: 6/10/2026

Related Intelligence (3)

CRITICALVulnerability

Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication

Splunk has released security updates to address a critical security flaw in Splunk Enterprise that could be exploited to conduct unauthenticated file operations and even remote code execution. The vulnerability, tracked as CVE-2026-20253, is rated 9.8 on the CVSS scoring system. "In Splunk Enterprise versions below 10.2.4 and 10.0.7, an unauthenticated user could create or truncate arbitrary

CVE-2026-20253

5h agoThe Hacker News

MEDIUMVulnerability

Why Use App-Level Auth When Every Database Has Auth? (Splunk Enterprise CVE-2026-20253 Pre-Auth RCE) - watchTowr Labs

[object Object]

CVE-2026-20253

22h agor/netsec

CRITICALVulnerability

NVD CRITICAL: CVE-2026-20253 — In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform...

CVE-2026-20253

3d agoNIST NVD

References (1)

https://advisory.splunk.com/advisories/SVD-2026-0603