Tag
#splunk
2 posts tagged #splunk.
- Analysis · Jun 24, 2026 · Colten Anderson
Five edge and gateway bugs went under active attack in one week. Here is the patch order.
Ivanti Sentry, Splunk, FortiSandbox, Ubiquiti UniFi OS, and Cisco SD-WAN Manager were all under active exploitation in the same seven days. A ranked, operator-focused breakdown of what to patch first and why.
- Analysis · Jun 20, 2026 · Colten Anderson
Splunk Enterprise 10 shipped an unauthenticated database endpoint on port 8000
CVE-2026-20253 (CVSS 9.8) exposes a PostgreSQL sidecar service introduced in Splunk Enterprise 10 with no HTTP-layer authentication, reachable through the same port as the login page. A published exploit chain reaches code execution in minutes. Exploitation is confirmed. The 'disable the sidecar' workaround breaks SPL2 and Edge Processor.