CVE-2026-20253 is a critical vulnerability in Splunk Enterprise that allows unauthenticated attackers to perform arbitrary file operations, potentially leading to remote code execution (RCE). CISA warns of active exploitation and has listed this vulnerability in its Known Exploited Vulnerabilities catalog. Affected versions include Splunk Enterprise 10.0.0 to 10.0.6 and 10.2.0 to 10.2.3, with patches in 10.0.7 and 10.2.4.
The vulnerability stems from a flaw in the PostgreSQL sidecar service endpoint, which lacks authentication. Organizations should urgently apply patches, disable the vulnerable service if necessary, and improve network segmentation to mitigate risk. Monitoring for unusual file operations on affected systems is also recommended.