Splunk Enterprise Flaw Exposes Pre-Auth RCE Chain Through PostgreSQL Sidecar Service
VPN Central [Unofficial]
June 17, 2026
Splunk has patched a critical Splunk Enterprise vulnerability that can let unauthenticated attackers create or truncate files through a PostgreSQL sidecar service endpoint. The flaw is tracked as CVE-2026-20253 and carries a CVSS 3.1 score of 9.8. The official issue is described as unauthenticated arbitrary file creation and truncation. However, watchTowr Labs showed how the […]
The post Splunk Enterprise Flaw Exposes Pre-Auth RCE Chain Through PostgreSQL Sidecar Service appeared first on VPN Central.
Discussion in the ATmosphere