A critical vulnerability (CVE-2026-20253, CVSS 9.8) in Splunk Enterprise allows unauthenticated attackers to perform arbitrary file operations and execute remote code. Affected versions are Splunk Enterprise below 10.2.4 and 10.0.7. The lack of any authentication requirement makes this particularly dangerous, as exploitation requires no foothold within the target environment.

Security Architect’s Take: Patch Splunk Enterprise to version 10.2.4 or 10.0.7 immediately. Until patching is complete, restrict network access to Splunk management interfaces and ingestion endpoints using firewall rules or security group policies to limit exposure to trusted IP ranges only.

Original advisory: Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication