CVE-2026-20253

critical Splunk ⚠️ CISA KEV — Exploited in the Wild
CVSS v3 Base Score
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
1.7%
Exploitation probability in 30 days
Top 25% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Confidentiality
High
Integrity
High
Availability
High
Published: June 10, 2026 (29 days ago)
Last Modified: June 19, 2026
Vendor: Splunk
Source: MITRE

⚠️ CISA Known Exploited Vulnerability

Added to KEV: 2026-06-18
Remediation Due: 2026-06-21 (⚠ 18d overdue)

Description

In Splunk Enterprise 10.2 versions below 10.2.4 and 10 versions below 10.0.7, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls, allowing any network-reachable user to invoke file operations without credentials. Splunk Enterprise versions 9.4 and earlier are not affected. If you cannot immediately upgrade to a fixed version, you can mitigate this vulnerability by disabling the PostgreSQL sidecar service.

CWE

CWE-306

Affected Products

Splunk Splunk Enterprise

References