Critical RCE Vulnerability Disclosed in Splunk Enterprise Affects PostgreSQL Sidecar Service

A critical vulnerability chain in Splunk Enterprise, tracked as CVE-2026-20253, has been disclosed, allowing unauthenticated attackers to achieve remote code execution (RCE). The flaw, with a CVSS score of 9.8, affects Splunk Enterprise version 10 and later, stemming from a misconfigured PostgreSQL Sidecar Service. The vulnerability was published by Splunk on June 10, 2026, and the first public proof of concept (PoC) is expected on June 14, 2026. This vulnerability poses a significant risk as it can be exploited without authentication, potentially impacting numerous organizations relying on Splunk for data analysis and monitoring. Security teams are urged to assess their systems and implement mitigations as soon as possible.

Key Points: • CVE-2026-20253 allows unauthenticated RCE in Splunk Enterprise versions 10 and later. • The vulnerability has a CVSS score of 9.8, indicating critical severity. • First public PoC for the vulnerability is expected on June 14, 2026.