Splunk Releases Security Advisory For Critical Vulnerability in Splunk Enterprise
Summary
Successful exploitation of CVE-2026-20253 could allow a remote unauthenticated attacker to create arbitrary files, potentially enabling remote code execution and full system compromise.
Affected platforms
The following platforms are known to be affected:
Threat details
Exploitation of CVE-2026-20253
Following the release of a proof-of-concept exploit, security researchers are reporting exploitation of vulnerability CVE-2026-20253 in the wild, and the US Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog.
The NHS England National CSOC assesses further exploitation as highly likely.
Introduction
Splunk has released a security advisory to address a critical vulnerability in Splunk Enterprise. Successful exploitation could allow an unauthenticated attacker to manipulate files and potentially execute arbitrary code on affected systems.
- CVE-2026-20253 – "Missing Authentication for Critical Function" vulnerability – CVSS 3.1 score: 9.8
Threat updates
| Date | Update |
|---|---|
| 19 Jun 2026 | Exploitation of CVE-2026-20253 |
Remediation advice
Affected organisations are encouraged to review Splunk's SVD-2026-0603 advisory and apply the relevant updates as soon as possible.
Definitive source of threat updates
Last edited: 19 June 2026 11:30 am