CISA: Splunk Enterprise flaw actively exploited, patch by Sunday

CVE-2026-20253 in Splunk Enterprise is actively exploited in the wild, allowing attackers to create or truncate arbitrary files on vulnerable systems. Federal agencies are mandated to patch by Sunday. Any organization running unpatched Splunk Enterprise is at immediate risk of file manipulation and potential system compromise.

CRITICALAdvisoryJun 20, 2026

Action required

Identify all Splunk Enterprise instances in your environment and patch to the latest version immediately. If patching cannot be completed today, disable the PostgreSQL service as a temporary mitigation and monitor those systems for suspicious file activity.

Affected products

Splunk EnterpriseSplunkPostgreSQLCISA

CVE IDs

CVE-2026-20253

Linked articles

CISA: Splunk Enterprise flaw actively exploited, patch by Sunday

Source links

https://www.bleepingcomputer.com/news/security/cisa-splunk-enterprise-flaw-actively-exploited-patch-by-sunday/