“In June 2026, the Splunk Product Security Incident Response Team (PSIRT) became aware of limited exploitation of this vulnerability,” Splunk said. “Splunk strongly recommends that customers upgrade to a fixed software release to remediate this vulnerability.”
There does not appear to be any publicly available information about the attacks involving CVE-2026-20253, but many enterprises may be at risk.
CISA added CVE-2026-20253 to its Known Exploited Vulnerabilities (KEV) catalog on June 18 and instructed federal agencies to address it by June 21. This is the first Splunk flaw added to CISA’s KEV list.
Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
Source: SecurityWeek