THE U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a severe flaw, CVE-2026-20253, in Splunk Enterprise to its Known Exploited Vulnerabilities catalog. This flaw, which has a CVSS score of 9.8, stems from improper authentication on the PostgreSQL sidecar service, allowing unauthenticated attackers to manipulate files on vulnerable systems. The flaw affects Splunk Enterprise versions 10.2 below 10.2.4 and 10.0 below 10.0.7.
CISA has mandated that federal agencies address this vulnerability by June 21, 2026, while Splunk recommends upgrading to patched versions to mitigate risks. Organizations unable to update should disable the PostgreSQL sidecar service as a temporary measure.