CVE-2026-20253
Undergoing Analysis - In Progress
PostgreSQL Sidecar File Creation in Splunk Enterprise

Publication date: 2026-06-10

Last updated on: 2026-06-10

Assigner: Cisco Systems, Inc.

Description
In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.3 and 10.2.2510.14, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint.

The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls, allowing any network-reachable user to invoke file operations without credentials.
Meta Information
Published: 2026-06-10
Last Modified: 2026-06-10
Generated: 2026-06-15
AI Q&A: 2026-06-10
EPSS Evaluated: 2026-06-14
Affected Vendors & Products
Showing 4 associated CPEs
Vendor    Product                  Version / Range
splunk    splunk_enterprise        to 10.2.4 (exc)
splunk    splunk_enterprise        to 10.0.7 (exc)
splunk    splunk_cloud_platform    to 10.4.2604.3 (exc)
splunk    splunk_cloud_platform    to 10.2.2510.14 (exc)
CWE
CWE ID Description
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Executive Summary

CVE-2026-20253 is a critical vulnerability in Splunk Enterprise and Splunk Cloud Platform that allows unauthenticated users to create or truncate arbitrary files via a PostgreSQL sidecar service endpoint.

This vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls, enabling any network-reachable user to perform file operations without needing credentials.

It affects Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.3 and 10.2.2510.14.

Impact Analysis

This vulnerability can have severe impacts because it allows unauthenticated attackers to create or truncate arbitrary files on affected systems.

Such unauthorized file operations can lead to complete compromise of confidentiality, integrity, and availability of the system, as indicated by the high CVSS score of 9.8.

Mitigation Strategies

To mitigate this vulnerability, you should upgrade to fixed versions of Splunk Enterprise or Splunk Cloud Platform.

  • Upgrade Splunk Enterprise to version 10.4.0, 10.2.4, or 10.0.7 or higher.
  • Upgrade Splunk Cloud Platform to version 10.4.2604.3 or 10.2.2510.14 or higher.

No mitigations or workarounds are currently available, so applying the updates is the only effective immediate step.

Compliance Impact

The vulnerability allows unauthenticated users to create or truncate arbitrary files on affected Splunk Enterprise and Splunk Cloud Platform versions due to lack of authentication controls on a PostgreSQL sidecar service endpoint.

This critical security flaw (CVSS score 9.8) could lead to unauthorized data manipulation or deletion, which may result in non-compliance with data protection standards such as GDPR and HIPAA that require strict access controls and data integrity safeguards.

Organizations using vulnerable versions of Splunk may face increased risk of data breaches or loss, potentially violating regulatory requirements for protecting sensitive information and maintaining audit trails.
