Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar...

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.3 and 10.2.2510.14, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint.<br><br>The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls, allowing any network-reachable user to invoke file operations without credentials.

AI Analysis

Unauthenticated arbitrary file creation and truncation vulnerability in Splunk Enterprise due to lack of authentication controls in PostgreSQL sidecar service endpoint

Basic Information

ID CVE-2026-20253

Source cisco

Published Jun 10, 2026 at 17:16

Modified Jun 10, 2026 at 18:22

Affected Product

Vendor Splunk

Product Splunk Enterprise

Version 10.2

Affected Versions Splunk Splunk Enterprise 10.2
Splunk Splunk Enterprise 10.0
Splunk Splunk Cloud Platform 10.4.2604
Splunk Splunk Cloud Platform 10.2.2510

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor Splunk

Product Splunk Enterprise

Version 10.2, 10.0, 10.4.2604, 10.2.2510

References

advisory.splunk.com /advisories/SVD-2026-0603

{
    "lastseen": "",
    "description": "In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.3 and 10.2.2510.14, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint.<br><br>The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls, allowing any network-reachable user to invoke file operations without credentials.",
    "published": "2026-06-10T17:16:21.242Z",
    "modified": "2026-06-10T18:22:53.072Z",
    "type": "cve",
    "title": "Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk Enterprise",
    "source": "cisco",
    "references": "https://advisory.splunk.com/advisories/SVD-2026-0603",
    "id": "CVE-2026-20253",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "Splunk Splunk Enterprise 10.2\nSplunk Splunk Enterprise 10.0\nSplunk Splunk Cloud Platform 10.4.2604\nSplunk Splunk Cloud Platform 10.2.2510",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Splunk Enterprise",
    "version": "10.2",
    "vendor": "Splunk",
    "ai_description": "Unauthenticated arbitrary file creation and truncation vulnerability in Splunk Enterprise due to lack of authentication controls in PostgreSQL sidecar service endpoint",
    "ai_severity": "Critical",
    "ai_vendor": "Splunk",
    "ai_product": "Splunk Enterprise",
    "ai_version": "10.2, 10.0, 10.4.2604, 10.2.2510",
    "ai_score": 9.8
}

Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk Enterprise_CVE-2026-20253