Unauthenticated arbitrary file create/truncate in Splunk Enterprise and Splunk Cloud Platform PostgreSQL sidecar (CVE-2026-20253)
critical-cve-against-infra · active
A critical vulnerability in Splunk Enterprise and Splunk Cloud Platform lets an unauthenticated, network-reachable attacker create or truncate arbitrary files via a PostgreSQL sidecar service endpoint that lacks authentication controls. Affected deployments should upgrade to fixed versions immediately.