Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication

Splunk released security updates for a critical issue in Splunk Enterprise that allows network-reachable attackers to perform unauthenticated PostgreSQL sidecar file operations, potentially escalating to remote code execution. The vulnerability is tracked as CVE-2026-20253 (CVSS 9.8) and affects Splunk Enterprise versions below 10.2.4 and 10.0.7, with fixes in 10.0.7 and 10.2.4 (Splunk Enterprise 10.4 is not affected). Splunk Cloud is reported as not impacted because it does not use PostgreSQL sidecars. Apply the vendor patches promptly to reduce the risk of exploitation.