Security administrators must urgently patch multiple critical Splunk Enterprise vulnerabilities recently disclosed by the vendor. These highly severe flaws expose internal networks to devastating cyberattacks, including unauthorized file manipulation, severe cross-site scripting (XSS), and deep system compromise.
The most critical issue, tracked as CVE-2026-20253, carries a CVSS 9.8 severity score. This bug allows unauthenticated arbitrary file creation and truncation within a PostgreSQL sidecar service endpoint. The official advisory explains that this vulnerable endpoint “lacks authentication controls, allowing any network-reachable user to invoke file operations without credentials.” Consequently, any unauthenticated attacker who can reach the endpoint over the network could exploit the flaw to cripple underlying databases or plant malicious files on the host system.
A second dangerous flaw threatens the platform’s integrity. Tracked as CVE-2026-20251 (CVSS 8.8), this bug allows a low-privileged user to achieve Remote Code Execution (RCE) through the Splunk Secure Gateway application. The security report states that this RCE is “possible because of unsafe deserialization of App Key Value Store (KV Store) data through the ‘jsonpickle’ Python library.” This library reconstructs arbitrary Python objects from specially crafted JSON inputs without adequate validation.
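A defender-side check for the deserialization issue above, as an added example that is not taken from Splunk's advisory or code: it scans JSON records for the reserved keys jsonpickle uses to mark values it will rebuild as Python objects, so such records can be flagged before any decoder sees them. The export layout, the function names and every sample value are constructed assumptions.

```python
import json

# Reserved keys jsonpickle uses to mark values it rebuilds as Python objects.
# Plain application data has no reason to contain them.
OBJECT_TAGS = {
    "py/object", "py/type", "py/function", "py/module", "py/reduce",
    "py/newobj", "py/newargs", "py/newargsex", "py/initargs", "py/state",
    "py/repr",
}

def find_jsonpickle_tags(value, path="$"):
    """Return (json_path, tag, target) for each jsonpickle object tag found."""
    hits = []
    if isinstance(value, dict):
        for key, child in value.items():
            if key in OBJECT_TAGS:
                target = child if isinstance(child, str) else type(child).__name__
                hits.append((path, key, target))
            hits.extend(find_jsonpickle_tags(child, f"{path}.{key}"))
    elif isinstance(value, list):
        for index, child in enumerate(value):
            hits.extend(find_jsonpickle_tags(child, f"{path}[{index}]"))
    elif isinstance(value, str) and value.lstrip()[:1] in ("{", "["):
        # Fields often hold JSON serialized as a string; look inside those too.
        try:
            inner = json.loads(value)
        except (ValueError, RecursionError):
            return hits
        hits.extend(find_jsonpickle_tags(inner, f"{path}<json>"))
    return hits

def scan_export(text):
    """Map record key -> hits for every record that carries a jsonpickle tag."""
    flagged = {}
    for position, record in enumerate(json.loads(text)):
        hits = find_jsonpickle_tags(record)
        if hits:
            # "_key" as the record identifier is an assumption about the export.
            key = record.get("_key") if isinstance(record, dict) else None
            flagged[key or f"#{position}"] = hits
    return flagged

# Constructed sample export: one clean record, one tagged, one tagged in a string.
SAMPLE_EXPORT = json.dumps([
    {"_key": "rec-1", "device_name": "phone", "settings": {"theme": "dark"}},
    {"_key": "rec-2", "payload": {"py/object": "example_pkg.ExampleClass"}},
    {"_key": "rec-3", "blob": json.dumps({"items": [{"py/type": "example_pkg.ExampleClass"}]})},
])

if __name__ == "__main__":
    for key, hits in scan_export(SAMPLE_EXPORT).items():
        print(key, hits)
```

A hit means the record would be treated as an object description by a jsonpickle decoder; it is a triage signal for review, not a substitute for the upgrade.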
Additionally, the disclosure highlights two other notable Splunk Enterprise vulnerabilities. First, CVE-2026-20258 (CVSS 7.1) introduces a stored XSS vector within the classic dashboard interface. Attackers can “store a malicious script in a classic dashboard HTML panel, causing unauthorized JavaScript code to execute” in a victim’s browser. Meanwhile, CVE-2026-20252 (CVSS 7.6) permits Server-Side Request Forgery (SSRF) via the Dashboard Studio PDF export feature, enabling attackers to target internal destinations.
To mitigate these severe risks, organizations must act immediately. Administrators are strongly urged to upgrade Splunk Enterprise to versions 10.4.0, 10.2.4, 10.0.7, 9.4.12, or 9.3.13. For environments where immediate patching isn’t possible, turning off Splunk Web or disabling the Splunk Secure Gateway app serves as a temporary workaround.
For comprehensive technical details, please visit the official Splunk Security Advisory page. Ensure your infrastructure remains secure by applying these essential patches today!