Home

Description

In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.3 and 10.2.2510.14, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint.<br><br>The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls, allowing any network-reachable user to invoke file operations without credentials.

PUBLISHED Reserved 2025-10-08 | Published 2026-06-10 | Updated 2026-06-10 | Assigner cisco




CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

Product status

10.2 (custom) before 10.2.4
affected

10.0 (custom) before 10.0.7
affected

10.4.2604 (custom) before 10.4.2604.3
affected

10.2.2510 (custom) before 10.2.2510.14
affected

Credits

Alex Hordijk (hordalex)

References

advisory.splunk.com/advisories/SVD-2026-0603

cve.org (CVE-2026-20253)

nvd.nist.gov (CVE-2026-20253)

Download JSON