A critical vulnerability in Splunk Enterprise allows unauthenticated attackers to create or delete arbitrary files via an exposed PostgreSQL sidecar service endpoint that lacks proper authentication controls. This could enable attackers to corrupt data, disrupt logging pipelines, or potentially escalate to full system compromise. It is listed on the CISA Known Exploited Vulnerabilities catalogue, confirming active exploitation in the wild.

Security Architect’s Take: Immediately apply Splunk’s patch ahead of the 21 June 2026 remediation deadline, and in the interim restrict network access to the PostgreSQL sidecar service endpoint using firewall rules or security group policies so it is not reachable from untrusted networks.

Original advisory: CVE-2026-20253: Splunk Enterprise