Federal Agencies Urged to Patch Critical Splunk Vulnerability by CISA

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Splunk Enterprise vulnerability (CVE-2026-20253) to its catalog of actively exploited flaws. Federal agencies are mandated to apply patches by Sunday to address this improper authentication vulnerability. The flaw allows unauthenticated remote attackers to create or truncate arbitrary files, with Splunk confirming limited exploitation in the wild and releasing necessary software updates.