
Splunk Vulnerability CVE-2026-20253 Under Active Exploitation – Critical Patches Required

Bottom line: A vulnerability in the PostgreSQL sidecar service of Splunk Enterprise (CVE-2026-20253, CVSS 9.8) is already being exploited and requires an immediate update to version 10.2.4, 10.0.7, or 10.4.0.

Splunk warns of active exploitation of the critical security vulnerability CVE-2026-20253 in Enterprise versions 10.0.0 through 10.0.6 and 10.2.0 through 10.2.3. The vulnerability enables unauthenticated file operations and remote code execution.

CVE-2026-20253 affects Splunk Enterprise versions 10.2.0 through 10.2.3 and 10.0.0 through 10.0.6 and is classified as critical with a CVSS base score of 9.8. The flaw lies in an integrated PostgreSQL sidecar service that completely lacks access controls: its endpoint accepts requests from any network user without authentication. Remote attackers can therefore create or manipulate arbitrary files on affected systems without user permissions or passwords.

Just days after the initial patches were deployed, security analysts from WatchTowr published a detailed technical analysis and functional proof-of-concept exploit code. The analysis showed that the vulnerability can also be exploited to inject and execute malware remotely. The Splunk Product Security Incident Response Team subsequently confirmed active attacks in the wild and is calling for immediate updates. According to Shadowserver data, more than 1,400 Splunk instances worldwide are directly accessible over the Internet, the majority of them in North America and Europe.

Splunk has released fixed versions: Enterprise operators must update to version 10.2.4, 10.0.7, or a newer release such as 10.4.0. For systems where the update is delayed, the vendor recommends manually disabling the PostgreSQL sidecar service as an interim measure to reduce the attack surface. However, this results in functional limitations for certain data pipelines such as the Edge Processor or SPL2.
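To turn the version ranges above into a patch worklist, the following added example (not code from Splunk or the article) triages a `host,version` inventory against the affected ranges and names the fixed release for each affected branch. The inventory format, hostnames and status labels are assumptions made for illustration; "not-listed" only means the version is outside the ranges the article names.

```python
import re

# Affected ranges and fixed releases exactly as listed in the article.
AFFECTED = {
    (10, 0): ((10, 0, 0), (10, 0, 6), "10.0.7"),
    (10, 2): ((10, 2, 0), (10, 2, 3), "10.2.4"),
}

def parse_version(text):
    """Return (major, minor, patch), or None if the string is not x.y.z.
    Extra components (e.g. a fourth digit) are ignored, which flags
    such builds conservatively by their x.y.z prefix."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)(?:\.\d+)*\s*", text)
    return tuple(int(g) for g in m.groups()) if m else None

def triage(version_text):
    """Classify one version string against the article's ranges."""
    v = parse_version(version_text)
    if v is None:
        return ("unknown", None)       # unparseable: verify by hand
    branch = AFFECTED.get(v[:2])
    if branch and branch[0] <= v <= branch[1]:
        return ("affected", branch[2])
    return ("not-listed", None)        # outside the ranges the article names

def triage_inventory(lines):
    """lines: 'host,version' records; returns {host: (status, fix)}."""
    result = {}
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        host, _, version = line.partition(",")
        result[host.strip()] = triage(version)
    return result

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    "# host,version",
    "idx01.example.internal,10.0.6",
    "sh01.example.internal,10.2.4",
    "hf01.example.internal,10.2.0",
    "edge01.example.internal,10.4.0",
    "old01.example.internal,n/a",
]

if __name__ == "__main__":
    for host, (status, fix) in triage_inventory(SAMPLE).items():
        print(f"{host:28} {status:10} {'upgrade to ' + fix if fix else ''}")
```

Hosts reported as "unknown" should be checked manually rather than assumed safe.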


Source: www.it-daily.net · Published 22 June 2026
Lumi AI News — AI-assisted curation in accordance with Art. 50 EU AI Act. Paraphrasing and classification by Lumi News Pipeline v1.7.1.
