CISA adds Splunk Enterprise CVE-2026-20253 to exploited list; agencies ordered to patch

AI-Generated Summary

2 sources

18 hours ago

1 views

CISA adds Splunk Enterprise CVE-2026-20253 to exploited list; agencies ordered to patch

Key Points

CISA lists CVE-2026-20253 in the Known Exploited Vulnerabilities catalog for exploited in-the-wild activity.
CVE-2026-20253 is an unauthenticated remote code execution flaw affecting Splunk Enterprise.
Both reports state vendors/confirming parties indicate the vulnerability is actively exploited.
CISA issues mitigation/patching instructions with an expedited deadline for US federal civilian agencies (June 21, 2026; described as about three days).
Reported indicators of compromise include suspicious requests with path traversal patterns such as “../” and related PostgreSQL connection parameters.

CISA adds CVE-2026-20253, a critical unauthenticated remotely exploitable vulnerability in Splunk Enterprise, to its Known Exploited Vulnerabilities catalog. Both reports say the flaw is being exploited in the wild. SecurityWeek notes that CISA instructs US federal civilian agencies to apply mitigations within a short window, described as three days, after the listing. Help Net Security similarly reports a compliance deadline of June 21, 2026.

The two sources also cite confirmation of active exploitation by Splunk’s vendor and Resecurity, with Resecurity warning that successful exploitation could lead to full system compromise. Help Net Security adds that organizations should prioritize patching and review for potential indicators of compromise, including requests that contain path traversal sequences such as “../” and evidence related to PostgreSQL connection parameters.

Overall, the reports emphasize the immediacy of the threat, the lack of authentication required for exploitation, and the expectation that agencies move quickly to patch Splunk Enterprise systems and check for signs of malicious activity tied to attempts exploiting CVE-2026-20253.

How Outlets Covered This Story

HEL

Help Net Security

Unauthenticated RCE in Splunk Enterprise under active attack (CVE-2026-20253)

CISA has added CVE-2026-20253, a critical, remotely exploitable vulnerability in Splunk Enterprise, to its Known Exploited Vulnerabilities catalog, and ordered US federal civilian agencies to apply mitigations by June 21, 2026. In-the-wild exploitation has also been confirmed by the vendor and Resecurity, who said that its potential for full system compromise should push organizations to prioritize patching and review systems for indicators of compromise such as: Requests containing path traversal sequences (../) PostgreSQL connection parameters … More → The post Unauthenticated RCE in Splunk Enterprise under active attack (CVE-2026-20253) appeared first on Help Net Security.

19 hours ago

SEC

SecurityWeek

Splunk Enterprise Vulnerability Exploited in Attacks Days After Disclosure

CISA has given federal agencies only three days to patch CVE-2026-20253, which can be exploited for unauthenticated remote code execution. The post Splunk Enterprise Vulnerability Exploited in Attacks Days After Disclosure appeared first on SecurityWeek.

1 day ago

We use cookies

This website uses cookies in order to enhance the overall user experience.

Take a look at our Cookies Policy for more information.

CISA adds Splunk Enterprise CVE-2026-20253 to exploited list; agencies ordered to patch

Edinburgh Airport evacuated as police bomb squad responds to suspicious package

Tropical Storm Arthur’s remnants bring heavy rain, flooding, and tornado warnings to U.S. Gulf

Bedford train collision: two East Midlands Railway services involved, casualties reported