logo

CVE-2026-20253: CISA Warns of Actively Exploited Splunk Enterprise RCE

ID: ae48b687-cb66-5f9a-8890-96802d69c314

STIX ID: report--ae48b687-cb66-5f9a-8890-96802d69c314

Feed Name: SOCRadar Blog

Threat Score
90/100

Date Published: 2026-06-19

Date Updated: 2026-06-20

Author: Yağmur Ernalbant

...
...

**Executive summary:** CVE-2026-20253 is a critical (CVSS 9.8) unauthenticated vulnerability in Splunk Enterprise's PostgreSQL sidecar that allows network-reachable attackers to create or truncate files and, under known exploit chains (public PoC), achieve remote code execution; active exploitation has been confirmed and CISA added it to the Known Exploited Vulnerabilities catalog, so affected Splunk instances should be upgraded or the sidecar disabled immediately while monitoring for filesystem and process anomalies.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.