COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2026-20253

CVE-2026-20253

Severity
high · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2026-06-18
Reference
https://nvd.nist.gov/vuln/detail/CVE-2026-20253
⌖ exploited in the wild shame 65/100 exploited-in-wildunpatcheddata-breach

Splunk Enterprise allows unauthenticated users to create or truncate arbitrary files via a PostgreSQL sidecar service endpoint.

This vulnerability enables unauthenticated file manipulation through a PostgreSQL sidecar, creating a critical data integrity risk for DIB organizations relying on Splunk for log management and security monitoring. The lack of authentication on a critical function endpoint means attackers can bypass Splunk's security controls to alter or delete sensitive data, potentially undermining incident response capabilities and compliance reporting. DIB vendors must patch this immediately to prevent adversaries from exploiting the sidecar service to disrupt security operations.

Shame score — A critical authentication bypass on a PostgreSQL sidecar service endpoint that allows unauthenticated file manipulation represents a significant security failure in Splunk's architecture.

Players implicated

Splunk · vendorEnterprise · product

Description

Splunk Enterprise contains a missing authentication for critical function vulnerability which could allow an unauthenticated user to create or truncate arbitrary files through a PostgreSQL sidecar service endpoint.

Affected FedRAMP products 2 in the catalog

ProductProviderStatusMatch
Splunk Cloud Platform for FedRAMP High Splunk In Process vendor-exact · 0.90
Splunk Cloud Platform for FedRAMP Moderate Splunk Authorized vendor-exact · 0.90