Exposures › CVE-2026-20253
Splunk Enterprise allows unauthenticated users to create or truncate arbitrary files via a PostgreSQL sidecar service endpoint.
This vulnerability enables unauthenticated file manipulation through a PostgreSQL sidecar, creating a critical data integrity risk for DIB organizations relying on Splunk for log management and security monitoring. The lack of authentication on a critical function endpoint means attackers can bypass Splunk's security controls to alter or delete sensitive data, potentially undermining incident response capabilities and compliance reporting. DIB vendors must patch this immediately to prevent adversaries from exploiting the sidecar service to disrupt security operations.
Shame score — A critical authentication bypass on a PostgreSQL sidecar service endpoint that allows unauthenticated file manipulation represents a significant security failure in Splunk's architecture.
Splunk Enterprise contains a missing authentication for critical function vulnerability which could allow an unauthenticated user to create or truncate arbitrary files through a PostgreSQL sidecar service endpoint.
| Product | Provider | Status | Match |
|---|---|---|---|
| Splunk Cloud Platform for FedRAMP High | Splunk | In Process | vendor-exact · 0.90 |
| Splunk Cloud Platform for FedRAMP Moderate | Splunk | Authorized | vendor-exact · 0.90 |