Critical Splunk Enterprise Vulnerability Enables Code Execution Without Authentication

Bottom Line: CVE-2026-20253 (CVSS 9.8) enables unauthenticated remote code execution on Splunk Enterprise versions below 10.2.4 and 10.0.7.

Splunk has released security updates for CVE-2026-20253, a critical vulnerability in Splunk Enterprise. With a CVSS score of 9.8, it allows unauthenticated attackers to access files and execute code remotely.

Splunk Enterprise versions below 10.2.4 and 10.0.7 are affected. An unauthenticated attacker can create or truncate arbitrary files, which can directly lead to remote code execution.

For a CISO, this creates immediate pressure to act: a service that can be exploited from outside without authentication is a critical attack target. Splunk Enterprise is frequently used for log analysis and security monitoring, so compromising this layer threatens visibility across the entire infrastructure.

Identify which Splunk Enterprise instances are running in your environment, prioritize updating them to at least version 10.2.4 or 10.0.7, and review logs to determine whether the ports those instances expose have already been accessed.


Source: thehackernews.com · Published June 13, 2026
Lumi AI News — AI-assisted curation pursuant to Article 50 EU AI Act. Paraphrasing and classification via Lumi News Pipeline v1.7.1.
