tlder@devCISA KEV Deadline Passes for Splunk Enterprise Unauthenticated File Truncation Bug
tlder@dev:~$
Security/CVEs/Advisories

CISA KEV Deadline Passes for Splunk Enterprise Unauthenticated File Truncation Bug

  • Deadline
  • Action required
  • High importance

CVE-2026-20253 is a CWE-306 (missing authentication) finding in Splunk Enterprise. The vulnerable PostgreSQL sidecar endpoint accepts unauthenticated requests and exposes file create and truncate primitives — unauthenticated file truncation via a database sidecar is an ugly attack surface, since truncating log or config files can blind monitoring pipelines before a follow-on intrusion begins. CISA added the CVE to the Known Exploited Vulnerabilities catalog and set June 21 as the action-due date for federal agencies. If your Splunk deployment is internet-exposed or reachable from an untrusted network segment, treat this as urgent regardless of whether you are bound by CISA deadlines.