PatchSiren cyber security CVE debrief
CVE-2026-20253 Splunk CVE debrief
CVE-2026-20253 is a critical vulnerability in Splunk Enterprise versions below 10.2.4 and 10.0.7, and in Splunk Cloud Platform versions below 10.4.2604.3 and 10.2.2510.14. The PostgreSQL sidecar service endpoint lacks authentication controls, so any user who can reach it over the network can invoke file operations without credentials and create or truncate arbitrary files. The CVSS score for this vulnerability is 9.8, which is critical severity.
- Vendor: Splunk
- Product: Splunk Enterprise
- CVSS: CRITICAL 9.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-10
- Original CVE updated: 2026-06-10
- Advisory published: 2026-06-10
- Advisory updated: 2026-06-10
Who should care
Users of Splunk Enterprise and Splunk Cloud Platform should be aware of this vulnerability, especially those with versions below the specified thresholds.
Technical summary
The vulnerability exists in the PostgreSQL sidecar service endpoint, which lacks authentication controls. This allows unauthenticated users to create or truncate arbitrary files.
Defensive priority
High
Recommended defensive actions
- Upgrade Splunk Enterprise to version 10.2.4 or 10.0.7, or later.
- Upgrade Splunk Cloud Platform to version 10.4.2604.3 or 10.2.2510.14, or later.
- Refer to [ref-4](https://advisory.splunk.com/advisories/SVD-2026-0603) for more information and patching guidance.
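To apply the version thresholds above to an inventory, the following added example (not code from PatchSiren or Splunk) classifies each deployment by release line. It assumes each fixed release covers only its own major.minor line; the names `triage` and `report` and the inventory rows are constructed for illustration, and anything on a release line this page does not name is returned as `check-advisory` rather than guessed.

```python
import re

# Fixed releases quoted on this page, keyed by (major, minor) release line.
# Assumption: each fix covers only its own release line.
FIXED = {
    "enterprise": {(10, 2): (10, 2, 4), (10, 0): (10, 0, 7)},
    "cloud": {(10, 4): (10, 4, 2604, 3), (10, 2): (10, 2, 2510, 14)},
}

def parse_version(text):
    """Return a dotted-numeric version as a tuple of ints, else None."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)+", text):
        return None
    return tuple(int(part) for part in text.split("."))

def triage(product, version_text):
    """Classify a deployment as 'affected', 'fixed' or 'check-advisory'."""
    version = parse_version(version_text)
    release_lines = FIXED.get(product)
    if version is None or release_lines is None:
        return "check-advisory"
    fixed = release_lines.get(version[:2])
    if fixed is None:
        # Release line not named on this page: do not guess either way.
        return "check-advisory"
    # Pad with zeros so 10.2.4 and 10.2.4.0 compare as equal.
    width = max(len(version), len(fixed))
    v = version + (0,) * (width - len(version))
    f = fixed + (0,) * (width - len(fixed))
    # Tuple comparison is numeric, so 10.0.10 sorts after 10.0.7.
    return "affected" if v < f else "fixed"

# Constructed inventory: host names and versions are made up for the example.
INVENTORY = [
    ("idx-01", "enterprise", "10.0.6"),
    ("idx-02", "enterprise", "10.0.10"),
    ("sh-01", "enterprise", "10.2.3"),
    ("hf-01", "enterprise", "9.4.2"),
    ("stack-a", "cloud", "10.2.2510.13"),
    ("stack-b", "cloud", "10.4.2604.3"),
]

def report(inventory):
    """Return (host, product, version, status) for every inventory row."""
    return [(h, p, ver, triage(p, ver)) for h, p, ver in inventory]

if __name__ == "__main__":
    for host, product, ver, status in report(INVENTORY):
        print(f"{host:8} {product:10} {ver:14} {status}")
```

A plain string comparison would rank 10.0.10 below 10.0.7, and a single "below 10.2.4" test would flag a patched 10.0.7 host, which is why the check compares integer tuples per release line.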
Evidence notes
The vendor is identified as 'Unknown Vendor' with low confidence, based on evidence from 'reference_domain_candidate' suggesting 'Splunk'.
Official resources
- CVE-2026-20253 CVE record (CVE.org)
- CVE-2026-20253 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference
CVE-2026-20253 was published on 2026-06-10T18:16:40.760Z and modified on 2026-06-10T18:36:19.463Z.