CVE-2026-20253 – Splunk Enterprise

CVSS 9.8 CRITICAL Critical or Zero Day – Immediate Deployment

“A service without authentication can turn a trusted platform into an easy target.”

Splunk patched CVE-2026-20253 in Splunk Enterprise and Splunk Cloud Platform. This vulnerability exists in a PostgreSQL sidecar service endpoint that lacks authentication controls, allowing any network-reachable attacker to create or truncate arbitrary files without providing credentials. The CVSS score is 9.8, which is Critical severity.

The issue can allow unauthorized modification of files and may impact the confidentiality, integrity, and availability of affected systems. Because the vulnerable endpoint is accessible without authentication, organizations should prioritize remediation of exposed deployments. No verified exploitation, zero-day activity, or public proof-of-concept activity has been confirmed.

Key Details

Affected Product
Splunk Splunk
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
CWE Classification
CWE-306
Patch this CVE on all your endpoints in under 5 minutes. First 200 endpoints are free forever, scale as needed.