Critical Splunk Enterprise Vulnerability Enables Unauthenticated Remote Code Execution

Splunk has released security updates to address CVE-2026-20253, a critical vulnerability with a CVSS score of 9.8 that affects multiple versions of Splunk Enterprise. The flaw stems from missing authentication controls in a PostgreSQL sidecar service, allowing remote attackers to perform arbitrary file operations and potentially achieve remote code execution without valid credentials. Researchers demonstrated how the vulnerability could be chained with PostgreSQL restore functions to write malicious files and execute attacker-controlled code on vulnerable systems. Although there is currently no evidence of active exploitation, organizations are urged to apply the available patches immediately due to the public release of exploit details and the severity of the issue.

Reference: thehackernews.com