Top stories
Splunk Enterprise CVE-2026-20253 federal remediation deadline is 2026-06-21
- Category: Security
- Status: confirmed
- Sources: Splunk SVD-2026-0603, Horizon3.ai, Help Net Security, CISA KEV
- Summary: The CISA KEV federal remediation deadline for CVE-2026-20253 (CVSS 9.8) lands today, 2026-06-21. The flaw is a missing-authentication issue on a Splunk Enterprise PostgreSQL sidecar service endpoint that lets an unauthenticated, network-reachable attacker create or truncate arbitrary files, chainable to denial of service or remote code execution. Active exploitation is confirmed; CISA added it to the KEV catalog on 2026-06-18 with a three-day deadline. Affected versions are 10.0.0 through 10.0.6 and 10.2.0 through 10.2.3; patched in 10.0.7, 10.2.4, and 10.4.0.
- Why it matters: Splunk Enterprise is core SOC and SIEM infrastructure, and the deadline arriving today means unpatched federal and enterprise deployments are in an immediate exploitation window.
- Follow-up: Watch for confirmed RCE chains, ransomware follow-on, and patch-adoption telemetry after the deadline passes.