Description
In Splunk Enterprise 10.2 versions below 10.2.4 and 10 versions below 10.0.7, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls, allowing any network-reachable user to invoke file operations without credentials. Splunk Enterprise versions 9.4 and earlier are not affected. If you cannot immediately upgrade to a fixed version, you can mitigate this vulnerability by disabling the PostgreSQL sidecar service.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected products
- Splunk / Splunk Enterprise10.2 – 10.2.4
- Splunk / Splunk Enterprise10.0 – 10.0.7
Exploits & proofs of concept
- nucleiSplunk Enterprise & Cloud Platform - Unrestricted File Uploadby watchtowrlabs,DhiyaneshDk
References
- VENDOR_ADVISORYhttps://advisory.splunk.com/advisories/SVD-2026-0603