Storia in 2 fonti

CISA: Splunk Enterprise flaw actively exploited, patch by Sunday

CISA has urged U.S. federal agencies to secure their systems by Sunday against a critical Splunk Enterprise vulnerability that is being exploited in attacks.

Raccontata da

securityweek.com

bleepingcomputer.com

Confronto fonti

2 prospettive sulla stessa storia

AI · summaries

bleepingcomputer.comStai leggendo5 g fa

CISA: Splunk Enterprise flaw actively exploited, patch by Sunday

CISA ordina patch CVE-2026-20253 (Splunk 10.2-10.0 series) entro domenica per vulnerabilità autenticazione PostgreSQL; exploit attivo confermato in-the-wild. Trade-off: patch subito vs. disabilitare PostgreSQL (rompe pipeline Edge Processor/OpAmp/SPL2). BOD 26-04 CISA obbligatorio federale.

originale

securityweek.com5 g fa

Splunk Enterprise Vulnerability Exploited in Attacks Days After Disclosure

CVE-2026-20253 in Splunk Enterprise 10.0-10.2 enables unauthenticated file operations via PostgreSQL sidecar, exploited within days of June 10 disclosure. First Splunk vulnerability in CISA's KEV catalog; enterprises running logging infrastructure must patch by June 21 to prevent unauthorized access to observability stack.

Timeline cronologica

venerdì 19 giugno 2026·securityweek.com
Splunk Enterprise Vulnerability Exploited in Attacks Days After Disclosure
A critical Splunk Enterprise vulnerability tracked as CVE-2026-20253 is being exploited in attacks only days after its public disclosure.
venerdì 19 giugno 2026·bleepingcomputer.com
CISA: Splunk Enterprise flaw actively exploited, patch by Sunday
CISA has urged U.S. federal agencies to secure their systems by Sunday against a critical Splunk Enterprise vulnerability that is being exploited in attacks.