Splunk Enterprise unauthenticated file operations flaw (CVE-2026-20253)

Vulnerability
Happening score: 37
1 unique source, 1 article

Summary

Splunk Enterprise is affected by a critical flaw, CVE-2026-20253, that lets an unauthenticated attacker perform arbitrary file operations and potentially reach remote code execution on affected servers. The issue affects versions below 10.2.4 and 10.0.7, while Splunk Cloud is not impacted. The weakness sits in a PostgreSQL sidecar service endpoint that lacks authentication controls, so any user who can reach the endpoint over the network can invoke file operations without credentials. Exploit details have been published for the flaw, which increases the risk of opportunistic abuse even though there is no evidence of in-the-wild exploitation.

Timeline

  1. 13.06.2026 16:23 1 article · 4h ago

    watchTowr details pre-auth RCE chain in Splunk Enterprise

    Technical Analysis Update

    watchTowr Labs detailed a pre-authenticated remote code execution chain for CVE-2026-20253 in Splunk Enterprise by abusing the /v1/postgres/recovery/backup and /v1/postgres/recovery/restore endpoints. The chain uses an attacker-controlled database dump, a passfile that points to /opt/splunk/var/packages/data/postgres/.pgpass, and SQL execution during restore to gain a controlled file write on the Splunk file system and potentially overwrite a Python script such as /opt/splunk/etc/apps/splunk_secure_gateway/bin/ssg_enable_modular_input.py.

  2. 13.06.2026 16:23 2 articles · 4h ago

    Splunk releases fixes for critical CVE-2026-20253

    Mitigation Patch Update

    Splunk released security updates for CVE-2026-20253 in Splunk Enterprise versions below 10.2.4 and 10.0.7. Splunk Enterprise 10.0.0 to 10.0.6 are fixed in 10.0.7, Splunk Enterprise 10.2.0 to 10.2.3 are fixed in 10.2.4, and Splunk Enterprise 10.4 is not affected. Splunk said an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint, and Splunk Cloud is not impacted because Postgres sidecars are not used in the product.

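For defenders reviewing exposure, the two recovery endpoints named in the watchTowr timeline entry can be hunted for in HTTP request logs. The sketch below is an added example, not code from Splunk or watchTowr; it assumes combined-log-format lines captured by a proxy or network sensor in front of the sidecar (the log source, the function names and the sample lines are all constructed for illustration).

```python
import re
from collections import defaultdict

# Endpoint paths as named in the timeline entry above.
RECOVERY_PATHS = ("/v1/postgres/recovery/backup", "/v1/postgres/recovery/restore")

# Assumption: combined-log-format lines from a proxy or sensor in front of the sidecar.
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample input (not real traffic; addresses are documentation ranges).
SAMPLE_LOG = """\
192.0.2.10 - admin [13/Jun/2026:10:01:02 +0000] "GET /en-US/app/search HTTP/1.1" 200 5120
198.51.100.7 - - [13/Jun/2026:10:05:11 +0000] "POST /v1/postgres/recovery/backup HTTP/1.1" 200 48
198.51.100.7 - - [13/Jun/2026:10:05:19 +0000] "POST /v1/postgres/recovery/restore?x=1 HTTP/1.1" 200 52
203.0.113.44 - - [13/Jun/2026:10:07:40 +0000] "GET /v1/postgres/recovery/backup/ HTTP/1.1" 404 0
192.0.2.10 - admin [13/Jun/2026:10:09:00 +0000] "GET /v1/postgres/recoveryX HTTP/1.1" 404 0
garbage line that does not parse
"""

def recovery_endpoint(target):
    """Return 'backup' or 'restore' if the request target is a recovery endpoint."""
    path = target.split("?", 1)[0].rstrip("/")  # ignore query string, trailing slash
    return path.rsplit("/", 1)[1] if path in RECOVERY_PATHS else None

def triage(log_text):
    """Group recovery-endpoint hits by source and mark sources that touched both."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable lines are skipped, not guessed at
        endpoint = recovery_endpoint(m["target"])
        if endpoint:
            hits[m["src"]].append({
                "ts": m["ts"], "endpoint": endpoint, "status": int(m["status"]),
                "authenticated": m["user"] != "-"})
    return {
        src: {"events": ev, "both_endpoints": {e["endpoint"] for e in ev} == {"backup", "restore"}}
        for src, ev in hits.items()
    }

if __name__ == "__main__":
    for src, info in triage(SAMPLE_LOG).items():
        print(src, "BOTH" if info["both_endpoints"] else "single", info["events"])
```

A source that reached both endpoints matches the shape of the chain described above and is worth prioritising, but any hit on these paths on an unpatched version merits review.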