CVE-2026-20253

Published Jun 10, 2026

Last updated 4 days ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2026-20253 is a vulnerability affecting Splunk Enterprise and Splunk Cloud Platform, stemming from a lack of authentication controls in the PostgreSQL sidecar service endpoint. This flaw permits any network-reachable, unauthenticated user to perform file operations, specifically creating or truncating arbitrary files on the affected system. The vulnerability exists in Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.3 and 10.2.2510.14. This unauthenticated file manipulation can potentially lead to unauthorized data tampering or disruption of service.

Description
In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.3 and 10.2.2510.14, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint.

The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls, allowing any network-reachable user to invoke file operations without credentials.
Source
psirt@cisco.com
NVD status
Undergoing Analysis

Risk scores

CVSS 3.1

Type
Primary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

psirt@cisco.com
CWE-306

Social media

Hype score
Not currently trending
  1. 🚨 CVE-2026-20253 - critical 🚨 Splunk Enterprise & Cloud Platform - Unrestricted File Upload > In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform vers... 👾 https://t.co/ruMSFh0Xvk @pdnuclei #NucleiTemplates #cve

    @pdnuclei_bot

    15 Jun 2026

    16 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  2. CVE-2026-20253: Severe Splunk Vulnerability Puts Enterprise Servers at Risk #cybersecurity #cyashadotcom #WeSupportPeace https://t.co/2kB3FT91wr

    @cyashadotcom

    14 Jun 2026

    102 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CVE-2026-20253: Splunk Pre-Auth RCE via PostgreSQL Sidecar https://t.co/8c6brLN8CR

    @thecybersecguru

    14 Jun 2026

    82 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. # CVE-2026-20253 Splunk Enterprise/Cloud PostgreSQL Sidecar Exploit Kit @UK_Daniel_Card it's coming 😉

    @YogSoth0

    14 Jun 2026

    281 Impressions

    0 Retweets

    5 Likes

    1 Bookmark

    1 Reply

    0 Quotes

  5. 🚨 “Security Tool is the Backdoor”: Inside Splunk’s CVSS 98 Nightmare (#CVE-2026-20253) https://t.co/pUn4YNMCp7 Educational Purposes!

    @UndercodeUpdate

    14 Jun 2026

    42 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. 🔒 #CyberSecurity CVE-2026-20253: Critical Splunk Enterprise Unauthenticated RCE — Detection and … "Critical unauthenticated RCE (CVE-2026-20253) impacts Splunk Enterprise. Patch…" 🔗 https://t.co/2AxtlaAWjB #CyberSecurity #ThreatIntel #managedsoc #mdr #securitymoni

    @SecurityAr58409

    13 Jun 2026

    58 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. Splunk patched CVE-2026-20253, a critical 9.8 flaw that could let unauthenticated attackers write files and trigger remote code execution via PostgreSQL sidecar endpoints. #SplunkEnterprise #CVE-2026-20253 #WatchTowrLabs https://t.co/VABHuW6AQ0

    @TweetThreatNews

    13 Jun 2026

    171 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  8. Splunk just announced CVE-2026-20253 (CVSS 9.8) 🚨 The scary part? No authentication needed. An attacker can: > Hit the PostgreSQL sidecar endpoint > Write arbitrary files to your Splunk instance > Execute code with Splunk privileges Boom. RCE. @watchtowrcy

    @takkerohan97

    13 Jun 2026

    86 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. 🚨 Splunk, AWS and CVE Splunk has a critical vulnerability, CVE-2026-20253, with CVSS 9.8. And not in some side add-on, but in Splunk Enterprise, the tool used for logs, monitoring, observability and often also the work of security teams. Oficjalnie problem do

    @getriffsec

    13 Jun 2026

    280 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  10. Warning: Splunk has released multiple high and critical vulnerabilities in Splunk Enterprise. CVE-2026-20253 (CVSS 9.8) allows an unauthenticated attacker to create or truncate arbitrary files. CVE-2026-20251 (CVSS 8.8) could allow a low-privileged user to perform #RCE! #Patch

    @CCBalert

    11 Jun 2026

    197 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

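  11. Multiple vulnerabilities have been fixed in Splunk Enterprise. The most severe, CVE-2026-20253, can be exploited without authentication and allows arbitrary files to be created or truncated, which could lead to system compromise or data destruction. Splunk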

    @yousukezan

    11 Jun 2026

    1511 Impressions

    1 Retweet

    10 Likes

    5 Bookmarks

    0 Replies

    0 Quotes

  12. A CVSS 9.8 flaw highlights new Splunk Enterprise vulnerabilities. Patch CVE-2026-20253, CVE-2026-20251, and others to prevent remote attacks on your servers. #Splunk #Cybersecurity #Vulnerability #CVE2026_20253 #InfoSec https://t.co/5541WMpWb5 https://t.co/QESmhwfDVE

    @the_yellow_fall

    11 Jun 2026

    287 Impressions

    1 Retweet

    5 Likes

    1 Bookmark

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.