{
  "title": "Splunk Enterprise CVE-2026-20253: KEV Arbitrary File Creation via PostgreSQL Sidecar",
  "summary": "CISA added Splunk Enterprise CVE-2026-20253 to KEV on 2026-06-18. The vulnerability allows an unauthenticated user to create or truncate arbitrary files through a PostgreSQL sidecar service endpoint in affected Splunk Enterprise releases.",
  "date": "2026-06-18",
  "severity": "critical",
  "tags": [
    "splunk",
    "cisa-kev",
    "cwe-306",
    "file-write",
    "filesystem-integrity",
    "credential-exposure"
  ],
  "sources_count": 3,
  "indicators": {
    "slug": "splunk-enterprise-cve-2026-20253-kev",
    "since": "2026-06-18T00:00:00Z",
    "until": "2026-06-18T23:59:59Z",
    "ecosystem": "",
    "cves": [
      "CVE-2026-20253"
    ],
    "cwes": [
      "CWE-306"
    ],
    "advisoryIds": [],
    "products": [],
    "packages": [],
    "versions": [],
    "affectedVersions": [],
    "fixedVersions": [],
    "files": [],
    "paths": [],
    "services": [],
    "domains": [
      "advisory.splunk.com",
      "www.cisa.gov"
    ],
    "urls": [
      "https://advisory.splunk.com/advisories/SVD-2026-0603`",
      "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json`"
    ],
    "ips": [],
    "hashes": [],
    "processPatterns": [],
    "networkPatterns": [],
    "telemetrySelectors": []
  }
}