CVE-2026-20253

Summary

In Splunk Enterprise 10.2 versions below 10.2.4 and 10 versions below 10.0.7, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls, allowing any network-reachable user to invoke file operations without credentials. Splunk Enterprise versions 9.4 and earlier are not affected. If you cannot immediately upgrade to a fixed version, you can mitigate this vulnerability by disabling the PostgreSQL sidecar service.

Affected Software

VendorProductVersion RangeStatus
SplunkSplunk Enterprise10.2 < 10.2.4affected
SplunkSplunk Enterprise10.0 < 10.0.7affected

Weaknesses

  • CWE-306: The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: yes
    • Technical Impact: total

Additional References

References