GHSA-xgm5-jh99-wc4vCriticalCVSS 9.8

In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below...

Published
June 10, 2026
Last Modified
June 10, 2026

🔗 CVE IDs covered (1)

📋 Description

In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.3 and 10.2.2510.14, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint.The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls, allowing any network-reachable user to invoke file operations without credentials.

🔗 References (3)