โ† Back to Dashboard

CVE-2026-20253

CRITICAL NVD
CVSS Score
9.8
Severity
CRITICAL
Source
NVD
Published
Jun 10, 2026
Description

In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.3 and 10.2.2510.14, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint.<br><br>The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls, allowing any network-reachable user to invoke file operations without credentials.

View Full Details โ† Back