logo

Splunk Urges Immediate Patching of Critical Flaw Enabling Arbitrary File Operations

ID: 0a609e0f-aa9d-545c-8a0a-7ebf1576fca3

STIX ID: report--0a609e0f-aa9d-545c-8a0a-7ebf1576fca3

Feed Name: The Cyber Express

Threat Score
80/100

Date Published: 2026-06-15

Date Updated: 2026-06-15

Author: Ashish Khaitan

...
...

A critical vulnerability (CVE-2026-20253, CVSS 9.8) in Splunk Enterprise's PostgreSQL sidecar allows unauthenticated attackers to create or truncate arbitrary files via endpoints and PostgreSQL functions (notably lo_export), enabling escalation from arbitrary file write to remote code execution by replacing routinely executed Python scripts; affected on-prem versions are below 10.2.4 and 10.0.7 and Splunk has released fixes while Splunk Cloud is unaffected.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.