Splunk Enterprise Vulnerability Exploited in Attacks Days After Disclosure

CVE-2026-20253 is a critical unauthenticated remote code execution (RCE) vulnerability in Splunk Enterprise that is being actively exploited in the wild. Attackers can create or truncate arbitrary files via the PostgreSQL sidecar service. All Splunk Enterprise instances are at risk, and federal agencies have been mandated to patch by June 21st.

CRITICAL | Advisory | Jun 20, 2026
Action required
Immediately identify all Splunk Enterprise instances in your environment and upgrade them to the latest patched version. If immediate patching is not possible, isolate affected instances from the network or restrict access to the PostgreSQL sidecar service.
Affected products
Splunk Enterprise, Splunk, PostgreSQL, Cisco, WatchTowr