CVE-2026-20253 – Splunk Enterprise
“A service without authentication can turn a trusted platform into an easy target.”
Splunk patched CVE-2026-20253 in Splunk Enterprise and Splunk Cloud Platform. This vulnerability exists in a PostgreSQL sidecar service endpoint that lacks authentication controls, allowing any network-reachable attacker to create or truncate arbitrary files without providing credentials. The CVSS score is 9.8, which is Critical severity.
The issue can allow unauthorized modification of files and may impact the confidentiality, integrity, and availability of affected systems. Because the vulnerable endpoint is accessible without authentication, organizations should prioritize remediation of exposed deployments. No verified exploitation, zero-day activity, or public proof-of-concept activity has been confirmed.
Key Details
- Affected Product
- Splunk Splunk
- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- None
- User Interaction
- None
- CWE Classification
- CWE-306