U.S. CISA adds Splunk Enterprise flaw to its Known Exploited Vulnerabilities catalog and urges agencies to fix it by Sunday
Publish Date: 2026-06-19 06:52:00
Source Domain: securityaffairs.com
U.S. CISA adds Splunk Enterprise flaw to its Known Exploited Vulnerabilities catalog and urges agencies to fix it by Sunday
Pierluigi Paganini
June 19, 2026
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Splunk Enterprise flaw to its Known Exploited Vulnerabilities catalog.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Splunk Enterprise flaw, tracked as CVE-2026-20253 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog.
The flaw CVE-2026-20253 is an improper authentication vulnerability in the PostgreSQL sidecar service of Splunk Enterprise that allows unauthenticated remote attackers to create or truncate arbitrary files on affected systems. The issue stems from missing authentication controls on a PostgreSQL sidecar service endpoint, enabling any network-reachable user to invoke file operations without valid credentials.
“In Splunk Enterprise 10.2 versions below 10.2.4 and 10 versions below 10.0.7, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint.” reads the advisory. “The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls, allowing any network-reachable user to invoke file operations without credentials.”
Successful exploitation could lead to data loss, service disruption, or further compromise depending on the files targeted.
The vulnerability affects Splunk Enterprise 10.2 versions prior to 10.2.4 and 10.0 versions prior to 10.0.7, while versions 9.4 and earlier are not impacted. Organizations unable to immediately apply the available patches should mitigate the risk by disabling the PostgreSQL sidecar service.
Splunk PSIRT confirmed it is aware of limited active exploitation of the vulnerability and urged customers to immediately upgrade to patched versions to mitigate the risk. The…
