Splunk Enterprise CVE-2026-20253 Exploited Within Days of Disclosure
Critical Splunk Enterprise vulnerability enabling unauthenticated file operations and RCE is actively exploited; CISA adds to KEV catalog with federal remediation deadline.
Attack Brief
Target: Splunk Enterprise
Vector: Unauthenticated PostgreSQL sidecar service endpoint allowing arbitrary file creation/truncation and remote code execution
Attribution: researcher disclosure
Technical Details
CVE IDs: CVE-2026-20253
Affected: Splunk Enterprise versions 10.2 before 10.2.4 and 10.0 before 10.0.7
Impact
Confirmed Damage: Limited exploitation confirmed in the wild as of June 18, 2026
Mitigation
Patches: Splunk Enterprise 10.2.4, Splunk Enterprise 10.0.7
Context
Similar Attacks: First Splunk vulnerability added to CISA KEV catalog; WatchTowr researchers published PoC code demonstrating RCE exploitation two days after disclosure
Source
https://www.securityweek.com/splunk-enterprise-vulnerability-exploited-in-attacks-days-after-disclosure/
by Eduard Kovacs on 2026-06-19T00:00:00Z
2 sources