- Description
- In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, Splunk Cloud Platform versions below 10.3.2512.12, 10.2.2510.14, 10.1.2507.22, and 9.3.2411.132, and Splunk Secure Gateway versions below 3.10.6, 3.9.20, and 3.8.67, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could perform a Remote Code Execution (RCE) through the Splunk Secure Gateway app.<br><br>The Remote Code Execution is possible because of unsafe deserialization of App Key Value Store (KV Store) data through the ‘jsonpickle’ Python library, which reconstructs arbitrary Python objects from specially crafted JavaScript Object Notation (JSON) without adequate validation.
- Source
- psirt@cisco.com
- NVD status
- Undergoing Analysis
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- psirt@cisco.com
- CWE-502
- Hype score
- Not currently trending
Warning: Splunk has released multiple high and critical vulnerabilities in Splunk Enterprise. CVE-2026-20253 (CVSS 9.8) allows an unauthenticated attacker to create or truncate arbitrary files. CVE-2026-20251 (CVSS 8.8) could allow a low-privileged user to perform #RCE! #Patch
@CCBalert
11 Jun 2026
197 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
A CVSS 9.8 flaw highlights new Splunk Enterprise vulnerabilities. Patch CVE-2026-20253, CVE-2026-20251, and others to prevent remote attacks on your servers. #Splunk #Cybersecurity #Vulnerability #CVE2026_20253 #InfoSec https://t.co/5541WMpWb5 https://t.co/QESmhwfDVE
@the_yellow_fall
11 Jun 2026
287 Impressions
1 Retweet
5 Likes
1 Bookmark
0 Replies
0 Quotes