THREAT OPS › Threat News › Critical Unauthenticated Remote Code Execution in Splunk Enterprise (CVE-2026-20253)
Critical Unauthenticated Remote Code Execution in Splunk Enterprise (CVE-2026-20253)
IntroductionSplunk disclosed a critical unauthenticated remote code execution (RCE) vulnerability in Splunk Enterprise tracked as CVE-2026-20253 on June 10, 2026. The vulnerability has a CVSS score of 9.8 and stems from missing authentication on a PostgreSQL sidecar service recovery endpoint that can be reached through the Splunk Web interface, which proxies requests to the internal Post
MITRE ATT&CK techniques
Indicators of compromise
- CVE-2026-20253cve
- attacker-db.comdomain