CVE-2026-20253: Splunk Enterprise Missing Authentication for Critical Function Vulnerability

Splunk Enterprise has a critical security flaw where a PostgreSQL sidecar service endpoint (a supporting service that handles database connections) doesn't require authentication (proof of identity), allowing an attacker without credentials to create or delete arbitrary files. This vulnerability is currently being exploited in real attacks in the wild.