Summary
Splunk patched a critical vulnerability (CVE-2026-20253, CVSS 9.8) in Splunk Enterprise and Cloud Platform that allows unauthenticated attackers to create or truncate arbitrary files via a PostgreSQL sidecar service.
Take Action:
If you run Splunk Enterprise, update immediately to version 10.4.0, 10.2.4, or 10.0.7, and make sure to isolate the system from the internet and untrusted networks. If you use Splunk Cloud Platform, Splunk is already patching your instances, but verify that you're on a fixed version (10.4.2604.3 or 10.2.2510.14 or higher), since there are no other ways to block this attack.
This article was originally published on BeyondMachines