HIGHKnown-exploitedexploited in the wild

CVE-2026-20253

Splunk · Enterprise

Summary

Splunk Enterprise Missing Authentication for Critical Function Vulnerability. Splunk Enterprise contains a missing authentication for critical function vulnerability which could allow an unauthenticated user to create or truncate arbitrary files through a PostgreSQL sidecar service endpoint.

References

https://nvd.nist.gov/vuln/detail/CVE-2026-20253