

Ethical Hacking News

The Splunk Enterprise Vulnerability: A Critical Alert from CISA



CISA has added a critical vulnerability in Splunk Enterprise to its Known Exploited Vulnerabilities catalog and urges agencies to fix it by Sunday, June 21, 2026. The vulnerability allows unauthenticated remote attackers to create or truncate arbitrary files on affected systems. Organizations should act immediately to secure their systems in response to this alert.

  • The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in Splunk Enterprise to its Known Exploited Vulnerabilities catalog.
  • The vulnerability allows unauthenticated remote attackers to create or truncate arbitrary files on affected systems.
  • The issue stems from missing authentication controls on a PostgreSQL sidecar service endpoint, so any network-reachable user can invoke file operations without valid credentials.
  • The affected versions are Splunk Enterprise 10.2 versions prior to 10.2.4 and 10.0 versions prior to 10.0.7; versions 9.4 and earlier are not impacted.
  • Organizations should mitigate the risk by disabling the PostgreSQL sidecar service or upgrading to patched versions.



    The Cybersecurity and Infrastructure Security Agency (CISA) has recently added a critical vulnerability in Splunk Enterprise to its Known Exploited Vulnerabilities catalog, urging agencies to fix it by Sunday, June 21, 2026. The vulnerability, tracked as CVE-2026-20253, is an improper authentication vulnerability that allows unauthenticated remote attackers to create or truncate arbitrary files on affected systems.

    The issue stems from missing authentication controls on a PostgreSQL sidecar service endpoint, enabling any network-reachable user to invoke file operations without valid credentials. According to the advisory, successful exploitation could lead to data loss, service disruption, or further compromise depending on the files targeted.

    The vulnerability affects Splunk Enterprise 10.2 versions prior to 10.2.4 and 10.0 versions prior to 10.0.7, while versions 9.4 and earlier are not impacted. Organizations unable to immediately apply the available patches should mitigate the risk by disabling the PostgreSQL sidecar service.
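
The version ranges above can be applied to an asset inventory to decide what needs patching first. The following is an added example, not code from Splunk, CISA or the original article; the hostnames and versions are constructed sample values, and branches the article does not mention (such as 10.1) are reported as unknown rather than guessed.

```python
import re

# Fixed releases per affected branch, as stated in the article.
FIXED = {(10, 2): (10, 2, 4), (10, 0): (10, 0, 7)}
# The article says 9.4 and earlier are not impacted.
NOT_IMPACTED_MAX = (9, 4)


def parse_version(text):
    """Return (major, minor, patch) from a string like '10.2.3'; None if malformed."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)(?:\.(\d+))?\s*", text)
    if not m:
        return None
    return tuple(int(p) if p else 0 for p in m.groups())


def classify(version_text):
    """Classify one Splunk Enterprise version against the ranges in the article."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"
    branch = v[:2]
    if branch in FIXED:
        return "affected" if v < FIXED[branch] else "patched"
    if branch <= NOT_IMPACTED_MAX:
        return "not_impacted"
    # Branches the article does not mention (for example 10.1) are not guessed at.
    return "unknown"


def triage(inventory):
    """Group hostnames by status so 'affected' and 'unknown' can be worked first."""
    result = {"affected": [], "patched": [], "not_impacted": [], "unknown": []}
    for host, version in sorted(inventory.items()):
        result[classify(version)].append(host)
    return result


if __name__ == "__main__":
    # Constructed inventory; hostnames and versions are sample values.
    sample = {"idx01": "10.2.3", "idx02": "10.2.4", "sh01": "10.0.6",
              "sh02": "9.4.2", "hf01": "10.1.0", "hf02": "n/a"}
    for status, hosts in triage(sample).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts in the "unknown" group need a manual check against the vendor advisory before they are treated as safe.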

    Splunk PSIRT confirmed that it is aware of limited active exploitation of the vulnerability and urged customers to immediately upgrade to patched versions to mitigate the risk. The company did not disclose technical details about the attacks targeting this issue.

    This critical alert from CISA underscores the importance of keeping software up to date and patching vulnerabilities as soon as possible. It also highlights the need for organizations to review their infrastructure and address any identified vulnerabilities before attackers can exploit them.

    In light of this vulnerability, it is essential for agencies and private organizations to take immediate action to secure their systems against potential attacks. This may involve upgrading to patched versions of Splunk Enterprise, disabling the PostgreSQL sidecar service, or implementing additional security measures to prevent exploitation.

    Furthermore, CISA's Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities requires federal agencies to address identified vulnerabilities by the due date. Experts also recommend that private organizations review the Known Exploited Vulnerabilities catalog and address the vulnerabilities in their infrastructure.

    In conclusion, the recent addition of the Splunk Enterprise vulnerability to CISA's Known Exploited Vulnerabilities catalog serves as a critical alert for agencies and organizations to take immediate action to secure their systems against potential attacks. By upgrading to patched versions, disabling vulnerable services, or implementing additional security measures, organizations can help mitigate the risk associated with this vulnerability.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/The-Splunk-Enterprise-Vulnerability-A-Critical-Alert-from-CISA-ehn.shtml

  • https://securityaffairs.com/193888/security/u-s-cisa-adds-splunk-enterprise-flaw-to-its-known-exploited-vulnerabilities-catalog-and-urges-agencies-to-fix-it-by-sunday.html

  • https://nvd.nist.gov/vuln/detail/CVE-2026-20253

  • https://www.cvedetails.com/cve/CVE-2026-20253/


  • Published: Fri Jun 19 07:28:13 2026 by llama3.2 3B Q4_K_M












