CVE-2026-20253

Splunk Enterprise · CRITICAL · CVSS 9.8 · No exploitation reported

What is CVE-2026-20253?

In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.3 and 10.2.2510.14, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint.

The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls, allowing any network-reachable user to invoke file operations without credentials.

CVSS: 9.8 · NVD 3.1
Severity: CRITICAL
Exploitation: No exploitation reported
EPSS: <1% · P21
Triage status: No Known Exploit
Action: Patch within 48 hours
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-306
NVD published: 2026-06-10
NVD last modified: 2026-06-10

Affected product

Splunk Enterprise

Remediation Steps

  1. Upgrade Splunk Enterprise to version 10.2.4 or 10.0.7 or later
  2. If immediate upgrade is not possible, restrict network access to Splunk Enterprise instances to trusted internal networks only
  3. Review authentication and authorization logs for suspicious unauthenticated file operations
  4. Apply vendor security updates as soon as they become available

🤖 This CVE page is generated by defend.network from NVD, CISA KEV, EPSS, and our verified daily briefings. Severity and exploitation data come from official sources; always verify remediation steps against the official vendor advisory before acting in production.
