Zero Day Monitor (ZDM)
CVE-2026-20253 · PATCHED · CVSS 9.8
splunk · splunk enterprise

Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk Enterprise

Description

In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.3 and 10.2.2510.14, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint.

The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls, allowing any network-reachable user to invoke file operations without credentials.

Affected Products

Vendor | Product | Versions
splunk | splunk enterprise | 10.2, 10.0, 10.4.2604, 10.2.2510

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor | Product | Source | Confidence
splunk | splunk enterprise | cert_advisory | 90%

References

  • https://advisory.splunk.com/advisories/SVD-2026-0603
  • https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2026/CVE-2026-20253.yaml (exploit, nuclei)

Related News (6 articles)

Tier E · Reddit r/cybersecurity · 1d ago
Splunk Enterprise had an unauthenticated RCE sitting in your security stack
→ No new info (linked only)

Tier D · The Hacker News · 1d ago
Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication
→ No new info (linked only)

Tier E · Reddit r/netsec · 2d ago
Why Use App-Level Auth When Every Database Has Auth? (Splunk Enterprise CVE-2026-20253 Pre-Auth RCE) - watchTowr Labs
→ No new info (linked only)

Tier B · BSI Advisories · 4d ago
[NEW] [high] Splunk Enterprise: Multiple vulnerabilities
→ No new info (linked only)

Tier C · VulDB · 4d ago
CVE-2026-20253 | Splunk Enterprise/Cloud Platform PostgreSQL Sidecar Service Endpoint missing authentication (SVD-2026-0603)
→ No new info (linked only)

Tier E · Hacker News · 4d ago
Splunk Enterprise PostgreSQL sidecar has no auth (CVE-2026-20253, CVSS 9.8)
→ No new info (linked only)

CVSS 3.1: 9.8 CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA KEV: No
Actively exploited: No
Patch available: 10.2.4, 10.0.7, 10.4.2604.3, 10.2.2510.14
CWE: CWE-306, CWE-94
Published: Jun 10, 2026
Last enriched: 1d ago (v3)
Trending Score: 59
Source articles: 6
Independent: 6
Info Completeness: 9/14
Missing: epss, kev, exploit, iocs, mitre_attack

Related CVEs (5)

HIGH · CVE-2026-20251 · EXP
Remote Code Execution through Deserialization of Untrusted Data in Splunk Secure Gateway
Trending: 37

CRITICAL · CVE-2026-20259 · EXP
Improper Access Control in Splunk Enterprise
Trending: 33

CRITICAL · CVE-2026-20254 · EXP
Information Disclosure through External Content Restriction Bypass in Splunk Enterprise
Trending: 33

CRITICAL · CVE-2026-20252 · EXP
Server-Side Request Forgery (SSRF) through Dashboard Studio PDF Export in Splunk Enterprise
Trending: 33

HIGH · CVE-2026-20255 · EXP
Improper Input Validation through Classic Dashboards in Splunk Enterprise
Trending: 31

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published: Jun 10, 2026
Discovered by ZDM: Jun 10, 2026
Updated (description): Jun 10, 2026
Exploit Available: Jun 11, 2026
Patch Available: Jun 11, 2026
Updated (cweIds): Jun 13, 2026

Version History

Current version: v3 (last enriched 1d ago)

v3 · Tier D · 1d ago

Updated CVSS score to 9.8, added CWE-94, and marked exploit as available and actively exploited.

cweIds
via The Hacker News

v2 · Tier C · 4d ago

Updated description with new details, clarified that no exploit exists, and noted that the vulnerability is actively exploited.

description
via VulDB

v1 · 4d ago

Initial creation