Security
Splunk Enterprise CVE-2026-20253 under active exploitation
- Category: Security
- Status: confirmed
- Sources: Splunk advisory SVD-2026-0603, Horizon3.ai analysis
- Summary: See the Top stories item. Unauthenticated arbitrary file write (CVSS 9.8) via a Splunk Enterprise PostgreSQL sidecar endpoint, affecting 10.0.0 to 10.0.6 and 10.2.0 to 10.2.3, patched in 10.0.7 and 10.2.4. CISA KEV addition 2026-06-18 with a three-day federal deadline.
- Why it matters: Active exploitation of widely deployed log and SIEM infrastructure.