THREATOPS
THREAT OPSCVEs › CVE-2026-20253

CVE-2026-20253 — Splunk Enterprise Missing Authentication for Critical Function Vulnerability

CISA KEVExploited: confirmedSplunk

Splunk Enterprise contains a missing authentication for critical function vulnerability which could allow an unauthenticated user to create or truncate arbitrary files through a PostgreSQL sidecar service endpoint.

Vulnerability details

Related reporting