CVE-2026-20253: CISA Warns of Actively Exploited Splunk Enterprise RCE
ID: ae48b687-cb66-5f9a-8890-96802d69c314
STIX ID: report--ae48b687-cb66-5f9a-8890-96802d69c314
Feed Name: SOCRadar Blog
**Executive summary:** CVE-2026-20253 is a critical (CVSS 9.8) unauthenticated vulnerability in Splunk Enterprise's PostgreSQL sidecar that allows network-reachable attackers to create or truncate files and, under known exploit chains (public PoC), achieve remote code execution; active exploitation has been confirmed and CISA added it to the Known Exploited Vulnerabilities catalog, so affected Splunk instances should be upgraded or the sidecar disabled immediately while monitoring for filesystem and process anomalies.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
