Splunk Enterprise Vulnerability Exploited in Attacks Days After Disclosure

securityweek.com · 2026-06-19 · AI supply chain · High

What Happened

CISA has given federal agencies only three days to patch CVE-2026-20253, which can be exploited for unauthenticated remote code execution.

Why It Matters

SecurityWeek reports that CVE-2026-20253, a critical Splunk Enterprise vulnerability (CVSS 9.8), is now being actively exploited shortly after disclosure and has been added to CISA’s Known Exploited Vulnerabilities list with a three-day federal patch deadline. Public analysis shows this flaw arises from an unauthenticated PostgreSQL sidecar endpoint that enables arbitrary file operations and can be chained to unauthenticated remote code execution on affected Splunk Enterprise versions, with patching as the primary remediation.[2][3][7][8]

From a CyberSE.AI perspective, this highlights how widely used observability and logging platforms are part of the operational software supply chain that AI systems depend on; compromise of Splunk infrastructure can provide attackers with privileged telemetry, credentials, and pipeline access that indirectly threaten AI workloads and data. Organizations should inventory where Splunk underpins AI platforms, update SBOMs, and prioritize rapid patching and segmentation of Splunk components as part of a broader AI supply chain and readiness strategy.

Healthcare, Fintech, SaaS, SMB, AI startups

CyberSE Analysis

This signal maps to AI supply chain. Organizations using AI agents, LLM APIs, SaaS integrations, or sensitive data workflows should review whether this class of issue could create unauthorized tool execution, data leakage, weak approval gates, or unmanaged supply-chain exposure.

Recommended Actions

  • Restrict AI agent tool permissions and production write paths.
  • Review sensitive data access across prompts, logs, embeddings, memory, and SaaS integrations.
  • Add human approval workflows for high-impact or state-changing actions.
  • Run prompt injection and indirect prompt injection tests against affected workflows.
  • Document the owner, control gap, and remediation deadline for this risk class.

Source

https://www.securityweek.com/splunk-enterprise-vulnerability-exploited-in-attacks-days-after-disclosure/