THREATOPS
THREAT OPSThreat News › Critical Unauthenticated Remote Code Execution in Splunk Enterprise (CVE-2026-20253)

Critical Unauthenticated Remote Code Execution in Splunk Enterprise (CVE-2026-20253)

medzscaler_threatlabzPublished 2026-06-26

IntroductionSplunk disclosed a critical unauthenticated remote code execution (RCE) vulnerability in Splunk Enterprise tracked as CVE-2026-20253 on June 10, 2026. The vulnerability has a CVSS score of 9.8 and stems from missing authentication on a PostgreSQL sidecar service recovery endpoint that can be reached through the Splunk Web interface, which proxies requests to the internal Post

MITRE ATT&CK techniques

Indicators of compromise

Original source: https://www.zscaler.com/blogs/security-research/critical-unauthenticated-remote-code-execution-splunk-enterprise-cve-2026