Lucene search
K

13 matches found

NCSC
NCSC
added 2026/06/19 12:42 p.m.36 views

Vulnerabilities in Splunk Enterprise and Splunk Cloud Platform

Splunk has identified several vulnerabilities in Splunk Enterprise and Splunk Cloud Platform. These vulnerabilities concern various components of Splunk Enterprise and Splunk Cloud Platform. Splunk has classified the vulnerability with the identifier CVE-2026-20253 as a critical vulnerability in...

9.8CVSS6.9AI score0.88171EPSS
Exploits6References9
Nuclei
Nuclei
added 2026/06/19 11:10 a.m.9 views

Splunk Enterprise & Cloud Platform - Unrestricted File Upload

In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.3 and 10.2.2510.14, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint.The vulnerability exists because the PostgreSQL sidecar...

9.8CVSS6.2AI score0.88171EPSS
Exploits5References2
CISA KEV Catalog
CISA KEV Catalog
added 2026/06/18 12:0 a.m.9 views

Splunk Enterprise Missing Authentication for Critical Function Vulnerability

Splunk Enterprise contains a missing authentication for critical function vulnerability which could allow an unauthenticated user to create or truncate arbitrary files through a PostgreSQL sidecar service endpoint...

9.8CVSS5.9AI score0.88171EPSS
In wildExploits5
VulnCheck KEV
VulnCheck KEV
added 2026/06/15 12:0 a.m.11 views

VulnCheck KEV: CVE-2026-20253

In Splunk Enterprise 10.2 versions below 10.2.4 and 10 versions below 10.0.7, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls,...

9.8CVSS5.9AI score0.88171EPSS
In wildExploits5References5
The Hacker News
The Hacker News
added 2026/06/13 1:23 p.m.26 views

Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication

Splunk has released security updates to address a critical security flaw in Splunk Enterprise that could be exploited to conduct unauthenticated file operations and even remote code execution. The vulnerability, tracked as CVE-2026-20253 , is rated 9.8 on the CVSS scoring system. "In Splunk...

9.8CVSS6.6AI score0.88171EPSS
Exploits5
NVD
NVD
added 2026/06/10 6:16 p.m.244 views

CVE-2026-20253

In Splunk Enterprise 10.2 versions below 10.2.4 and 10 versions below 10.0.7, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls,...

9.8CVSS0.88171EPSS
Exploits5References3
Vulnrichment
Vulnrichment
added 2026/06/10 5:16 p.m.13 views

CVE-2026-20253 Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk Enterprise

In Splunk Enterprise 10.2 versions below 10.2.4 and 10 versions below 10.0.7, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls,...

9.8CVSS5.9AI score0.88171EPSS
Exploits5References1
Cvelist
Cvelist
added 2026/06/10 5:16 p.m.47 views

CVE-2026-20253 Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk Enterprise

In Splunk Enterprise 10.2 versions below 10.2.4 and 10 versions below 10.0.7, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls,...

9.8CVSS0.88171EPSS
Exploits5References1
EUVD
EUVD
added 2026/06/10 5:16 p.m.10 views

EUVD-2026-36088

In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.3 and 10.2.2510.14, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint.The vulnerability exists because the PostgreSQL sidecar...

9.8CVSS5.6AI score0.88171EPSS
Exploits5References1
CVE
CVE
added 2026/06/10 5:16 p.m.295 views

CVE-2026-20253

Summary: CVE-2026-20253 affects Splunk Enterprise and Splunk Cloud Platform due to an unauthenticated PostgreSQL sidecar service endpoint that can create or truncate arbitrary files when exposed on the network. Affected software/versions (per sources): Splunk Enterprise < 10.2.4 and < 10.0....

9.8CVSS5.8AI score0.88171EPSS
In wildExploits5References3Affected Software1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.14 views

Splunk Cloud Platform和Splunk Enterprise 访问控制错误漏洞

Splunk Cloud Platform and Splunk Enterprise are both products of the American company Splunk. Splunk Cloud Platform is a powerful service for data collection, processing, and analysis. Splunk Enterprise is a suite of software for data collection and analysis. Vulnerabilities in access control...

9.8CVSS5.8AI score0.88171EPSS
Exploits5References1
Tenable Nessus
Tenable Nessus
added 2026/06/10 12:0 a.m.10 views

Splunk Enterprise 10.0.0 < 10.0.7, 10.2.0 < 10.2.4 (SVD-2026-0603)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2026-0603 advisory. - In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.3 and 10.2.2510.14,...

9.8CVSS6.3AI score0.88171EPSS
Exploits5References2
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.13 views

PT-2026-48493

Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions 10.2 through 10.2.3 Splunk Enterprise versions 10.0 through 10.0.6 Description An unauthenticated user can create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. This issue occurs because t...

9.8CVSS6.8AI score0.88171EPSS
Exploits5References169
Rows per page
Query Builder