Splunk has issued critical security patches for Splunk Enterprise to address CVE-2026-20253, a vulnerability with a CVSS score of 9.8 that allows unauthenticated attackers to perform arbitrary file operations and potentially execute remote code. The flaw affects Splunk Enterprise versions below 10.2.4 and 10.0.7, enabling unauthorized users to create or truncate files without authentication.
Splunk has released security updates to address a critical security flaw in Splunk Enterprise that could be exploited to conduct unauthenticated file operations and even remote code execution. The vulnerability, tracked as CVE-2026-20253, is rated 9.8 on the CVSS scoring system. "In Splunk Enterprise versions below 10.2.4 and 10.0.7, an unauthenticated user could create or truncate arbitrary
Originally published at thehackernews.com
60-minute technical evaluation, no obligation. We'll map the ideas in this article to your environment.
