Skip to content

Splunk漏洞被主动利用,紧急修补

Bleeping Computer · Story 2 of 6

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that threat actors are actively exploiting CVE-2026-20253, a critical vulnerability in Splunk Enterprise that allows remote code execution. The vulnerability affects versions 10.2.0 to 10.2.3 and 10.0.0 to 10.0.6, and exists because the PostgreSQL sidecar service endpoint lacks authentication controls. CISA has ordered federal agencies to patch their Splunk instances by Sunday, June 23, as mandated by Binding Operational Directive (BOD) 26-04. The vulnerability can allow attackers to create or truncate arbitrary files on vulnerable devices, potentially enabling complete system compromise. Shadowserver tracks over 1,400 internet-exposed Splunk instances, with 952 in North America alone.

Analysis
Live

For builders and ops teams in MENA, this is a stark reminder that even enterprise-grade tools aren't immune - Saudi's new $77 billion AI initiative will need these security protocols.

Frequently Asked Questions
How serious is this Splunk vulnerability?

Critical CVSS 9.8, allows remote code execution, and is actively exploited by attackers targeting enterprise security.

How quickly should I patch if I'm running Splunk?

Immediately - CISA ordered federal agencies to patch by Sunday, and the vulnerability allows unauthenticated RCE.