www.securityweek.com 6/19/2026, 4:40:27 AM · external

Splunk Enterprise Vulnerability Exploited in Attacks Days After Disclosure

Developing story vulnerability 7 articles tracked

Splunk Enterprise CVE-2026-20253 exploited for remote code execution

CyberSIXT Evidence Panel

Primary Source

advisory.splunk.com

CVE Intel

CVE-2026-20253 - NVD CISA KEV due 2026-06-21 9.8 CRITICAL Patch Unknown

CISA KEV Listed in KEV

Patch Patch Status Unknown

A critical vulnerability in Splunk Enterprise, identified as CVE-2026-20253, is being actively exploited, prompting urgent patching for affected versions (10.2 < 10.2.4 and 10.0 < 10.0.7). This vulnerability allows unauthenticated attackers to perform file operations via an unprotected PostgreSQL sidecar service. Patches were made available on June 10, and exploitation was confirmed by Splunk on June 18.

CISA has since added this vulnerability to its Known Exploited Vulnerabilities catalog, advising federal agencies to address it by June 21. Organizations are strongly encouraged to upgrade to secure versions of the software.

View Primary Source Via www.securityweek.com

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline

#7 Jun 19, 2026, 04:10 AM Current article

www.securityweek.com
Splunk Enterprise Vulnerability Exploited in Attacks Days After Disclosure
#6 Jun 18, 2026, 11:52 PM

cybersixt.com
CISA Adds Splunk Auth Bypass Flaw to KEV Catalog, Urging Patches
#5 Jun 18, 2026, 10:30 PM

cybersixt.com
CISA flags critical Splunk flaw enabling unauthenticated file edits
#4 Jun 18, 2026, 07:00 PM

cybersixt.com
Splunk CVE-2026-20253: CVSS 9.8 RCE Exploited in the Wild
#3 Jun 13, 2026, 02:18 PM

cybersixt.com
Critical Splunk flaw lets attackers run code without auth
#2 Jun 11, 2026, 11:10 AM

cybersixt.com
Palo Alto fixes Cortex flaw: Splunk patches Enterprise bug
#1 Jun 11, 2026, 04:21 AM

cybersixt.com
Check Point VPN under attack as Splunk issues urgent patches