• Category: Security
  • Status: confirmed
  • Sources: Splunk advisory SVD-2026-0603, Horizon3.ai analysis
  • Summary: See the Top stories item. Unauthenticated arbitrary file write (CVSS 9.8) via a Splunk Enterprise PostgreSQL sidecar endpoint, affecting 10.0.0 to 10.0.6 and 10.2.0 to 10.2.3, patched in 10.0.7 and 10.2.4. CISA KEV addition 2026-06-18 with a three-day federal deadline.
  • Why it matters: Active exploitation of widely deployed log and SIEM infrastructure.

Send feedback on this story