Splunk Enterprise CVE-2026-20253: KEV-listed unauthenticated RCE via PostgreSQL sidecar
CVE-2026-20253 is a CVSS 9.8 missing-authentication flaw in Splunk Enterprise 10. CISA added it to KEV on June 18 with a three-day patch deadline. WatchTowr published a working RCE exploit.