[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2026-20253":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-20T19:39:07.854Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":40,"aliases":50,"duplicate_of":9,"upstream":51,"downstream":52,"duplicates":53,"related":54,"reserved_at":9,"published_at":55,"modified_at":56,"state":57,"summary":58,"references_raw":68,"kevs":84,"epss":95,"epss_history":98,"metrics":128,"affected":135},"CVE-2026-20253","In Splunk Enterprise 10.2 versions below 10.2.4 and 10 versions below 10.0.7, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls, allowing any network-reachable user to invoke file operations without credentials. Splunk Enterprise versions 9.4 and earlier are not affected. If you cannot immediately upgrade to a fixed version, you can mitigate this vulnerability by disabling the PostgreSQL sidecar service.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-306","Missing Authentication for Critical Function","The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.","weakness","Draft","Base","High",[20,24,28,32,36],{"id":21,"name":22,"techniques":23},"CAPEC-12","Choosing Message Identifier",[],{"id":25,"name":26,"techniques":27},"CAPEC-166","Force the System to Reset Values",[],{"id":29,"name":30,"techniques":31},"CAPEC-216","Communication Channel Manipulation",[],{"id":33,"name":34,"techniques":35},"CAPEC-36","Using Unpublished Interfaces or Functionality",[],{"id":37,"name":38,"techniques":39},"CAPEC-62","Cross Site Request Forgery",[],[41],{"_key":42,"name":43,"source":44,"url":45,"maturity":46,"reliability_score":47,"verified":48,"type":9,"platforms":49,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_044CA931AFAE6C6C","Exploit Reference (labs.watchtowr.com)","reference","https://labs.watchtowr.com/why-use-app-level-auth-when-every-database-has-auth-splunk-enterprise-cve-2026-20253-pre-auth-rce/","unknown",0.2,false,[],[],[],[],[],[],"2026-06-10T17:16:21.242Z","2026-06-19T03:55:19.206Z","Modified",{"cisa_kev":59,"cisa_ransomware":48,"cisa_vendor":60,"epss_severity":61,"epss_score":62,"severity":63,"severity_score":64,"severity_version":65,"severity_source":66,"severity_vector":67,"severity_status":57},true,"Splunk","medium",0.10035,"critical",9.8,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",[69,75,79],{"url":70,"sources":71,"tags":73},"https://advisory.splunk.com/advisories/SVD-2026-0603",[66,72],"nvd",[74],"Vendor Advisory",{"url":45,"sources":76,"tags":77},[66,72],[78],"Exploit",{"url":80,"sources":81,"tags":82},"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20253",[66],[83],"Government Resource",[85],{"source":86,"vendor":60,"product":87,"date_added":88,"vulnerability_name":89,"short_description":90,"required_action":91,"due_date":92,"known_ransomware_campaign_use":93,"notes":94,"exploitation_type":9},"cisa","Enterprise","2026-06-18","Splunk Enterprise Missing Authentication for Critical Function Vulnerability","Splunk Enterprise contains a missing authentication for critical function vulnerability which could allow an unauthenticated user to create or truncate arbitrary files through a PostgreSQL sidecar service endpoint.","Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.","2026-06-21","Unknown","https://advisory.splunk.com/advisories/SVD-2026-0603 ; BOD 26-04: https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk ; Forensics Triage Requirements: https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk ; https://nvd.nist.gov/vuln/detail/CVE-2026-20253",{"date":96,"score":62,"percentile":97},"2026-06-20",0.9502,[99,103,106,109,112,116,119,123,125,127],{"date":100,"score":101,"percentile":102},"2026-06-11",0.00067,0.20889,{"date":104,"score":101,"percentile":105},"2026-06-12",0.21064,{"date":107,"score":101,"percentile":108},"2026-06-13",0.21083,{"date":110,"score":101,"percentile":111},"2026-06-14",0.21065,{"date":113,"score":114,"percentile":115},"2026-06-15",0.01681,0.73868,{"date":117,"score":114,"percentile":118},"2026-06-16",0.73896,{"date":120,"score":121,"percentile":122},"2026-06-17",0.01731,0.74641,{"date":88,"score":121,"percentile":124},0.74662,{"date":126,"score":62,"percentile":97},"2026-06-19",{"date":96,"score":62,"percentile":97},[129,133],{"source":66,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":130,"cvss_v4_0":9},{"baseScore":64,"baseSeverity":131,"vectorString":67,"impactScore":64,"exploitabilityScore":132},"CRITICAL",10,{"source":72,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":134,"cvss_v4_0":9},{"baseScore":64,"baseSeverity":131,"vectorString":67,"impactScore":64,"exploitabilityScore":132},[136,151,163],{"ecosystem":9,"name":137,"vendor":137,"product":137,"cpe_part":138,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":139},"splunk","a",[140,147],{"version":141,"is_range":59,"range_type":142,"version_start":143,"version_start_type":144,"version_end":145,"version_end_type":146,"fixed_in":9},"gte10.0.0_lt10.0.7","cpe","10.0.0","including","10.0.7","excluding",{"version":148,"is_range":59,"range_type":142,"version_start":149,"version_start_type":144,"version_end":150,"version_end_type":146,"fixed_in":9},"gte10.2.0_lt10.2.4","10.2.0","10.2.4",{"ecosystem":9,"name":152,"vendor":137,"product":153,"cpe_part":138,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":154},"splunk cloud platform","splunk_cloud_platform",[155,159],{"version":156,"is_range":59,"range_type":66,"version_start":157,"version_start_type":144,"version_end":158,"version_end_type":146,"fixed_in":9},"gte10.4.2604_lt10.4.2604.3","10.4.2604","10.4.2604.3",{"version":160,"is_range":59,"range_type":66,"version_start":161,"version_start_type":144,"version_end":162,"version_end_type":146,"fixed_in":9},"gte10.2.2510_lt10.2.2510.14","10.2.2510","10.2.2510.14",{"ecosystem":9,"name":164,"vendor":137,"product":165,"cpe_part":138,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":166},"Splunk Enterprise","splunk enterprise",[167,170],{"version":168,"is_range":59,"range_type":66,"version_start":169,"version_start_type":144,"version_end":150,"version_end_type":146,"fixed_in":9},">= 10.2, \u003C 10.2.4","10.2",{"version":171,"is_range":59,"range_type":66,"version_start":172,"version_start_type":144,"version_end":145,"version_end_type":146,"fixed_in":9},">= 10.0, \u003C 10.0.7","10.0"]