
Unsecured Splunk Flaw Could Allow Unauthenticated Writes and Remote Code Execution
Security updates fix CVE-2026-20253 in Splunk Enterprise, a critical flaw that allowed unauthenticated file operations and potential pre-authentication remote code execution via the PostgreSQL sidecar endpoint. Affected versions are 10.0.0–10.0.6 (fixed in 10.0.7) and 10.2.0–10.2.3 (fixed in 10.2.4). Splunk Cloud and Splunk 10.4 are not affected. An attacker could abuse /backup and /restore to drop malicious SQL and write a payload to the file system, escalating to code execution. Users should upgrade immediately.
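To find which deployments need the upgrade, the version ranges above can be applied to a host inventory. The following is an added example, not Splunk's own tooling; the host names, the sample inventory and the `Splunk X.Y.Z (build ...)` banner format are assumptions, and release lines the text does not mention are reported as `not_listed` rather than assumed safe.

```python
import re

# Affected ranges and fixed releases exactly as stated in the text above.
AFFECTED = [((10, 0, 0), (10, 0, 6), "10.0.7"),
            ((10, 2, 0), (10, 2, 3), "10.2.4")]
NOT_AFFECTED_LINES = {(10, 4)}          # Splunk 10.4 is stated as not affected
VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?")
ORDER = {"affected": 0, "review": 1, "not_listed": 2, "fixed": 3, "not_affected": 4}


def classify(version_text, product="enterprise"):
    """Return (status, upgrade_target) for one deployment."""
    if product == "cloud":              # Splunk Cloud is stated as not affected
        return ("not_affected", None)
    m = VERSION_RE.search(version_text)
    if not m:
        return ("review", None)         # unparseable version: needs a human look
    major, minor = int(m.group(1)), int(m.group(2))
    patch = int(m.group(3)) if m.group(3) is not None else None
    for lo, hi, fix in AFFECTED:
        if (major, minor) != lo[:2]:
            continue
        if patch is None:               # "10.2" alone cannot be ruled out
            return ("review", fix)
        if lo <= (major, minor, patch) <= hi:
            return ("affected", fix)
        return ("fixed", None)          # same release line, at or past the fix
    if (major, minor) in NOT_AFFECTED_LINES:
        return ("not_affected", None)
    return ("not_listed", None)         # the text makes no claim about this line


def triage(inventory):
    """Return [(host, (status, upgrade_target))], most urgent hosts first."""
    results = {h: classify(ver, prod) for h, (ver, prod) in inventory.items()}
    return sorted(results.items(), key=lambda kv: (ORDER[kv[1][0]], kv[0]))


# Constructed sample inventory (hypothetical hosts, assumed banner format).
SAMPLE = {
    "idx01": ("Splunk 10.0.5 (build 0123456789ab)", "enterprise"),
    "sh01": ("10.2.4", "enterprise"),
    "hf01": ("10.2", "enterprise"),
    "lab01": ("10.4.0", "enterprise"),
    "old01": ("9.4.2", "enterprise"),
    "cloud01": ("10.0.3", "cloud"),
}

if __name__ == "__main__":
    for host, (status, fix) in triage(SAMPLE):
        print(f"{host:8} {status:13} {'upgrade to ' + fix if fix else ''}")
```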