CVE Tools
Sign in
Back to feed
watchTowr Labs ·EN Vendor research

Why Use App-Level Auth When Every Database Has Auth? (Splunk Enterprise CVE-2026-20253 Pre-Auth RCE)

By Piotr Bazydlo (@chudyPB)··17 min read

Three posts? In three days? Are we insane?

We're home alone, there's no one to stop us, and we're up past bedtime. So, we need to talk about Splunk.

On June 10th, Splunk published this CVE-2026-20253 advisory:

It has everything that we love:

  • No authentication requirements,
  • An almost full-mark CVSS score,
  • Claims to be a security product,
  • Vulnerability name longer than the average piece of spaghetti.…
Continue reading on watchTowr Labs