CVE-2026-20253: Splunk Enterprise CVSS 9.8 — Unauthenticated RCE Through a PostgreSQL Sidecar That Forgot to Lock Its Door
CVE-2026-20253 is a CVSS 9.8 Critical in Splunk Enterprise — unauthenticated RCE through the PostgreSQL Sidecar Service. No credentials. No interaction. The backup and restore endpoints lack authentication and are reachable through Splunk’s port 8000 proxy. AWS deployments are vulnerable out of the box. watchTowr published the full exploit chain. Splunk Cloud is NOT affected. Patch to 10.4.0, 10.2.4, 10.0.7, 9.4.12, or 9.3.13 immediately.
