What happened
Splunk Enterprise contains a critical vulnerability in its PostgreSQL sidecar service endpoint that allows unauthenticated attackers to create or truncate arbitrary files. Researchers at WatchTowr published a PoC within 48 hours of disclosure, and CISA added it to the KEV catalog on 2026-06-18 after confirming active in-the-wild exploitation by June 12. The vulnerability enables full system compromise.
Why it matters
Splunk is a critical AI/ML observability and monitoring infrastructure component used to track LLM inference, agent behavior, and data pipelines. Compromise of Splunk deployments directly exposes all stored AI model logs, prompts, responses, and inference metadata. An attacker gains administrative access to the entire security and observability layer of an AI deployment.
Attack vector
An unauthenticated attacker reaches the exposed PostgreSQL sidecar service endpoint and invokes its file creation/truncation operations to write files to arbitrary filesystem locations, which leads to remote code execution (RCE).
Affected systems
Splunk Enterprise 10.0.x versions below 10.0.7 and 10.2.x versions below 10.2.4
Mitigation
Update to Splunk Enterprise 10.0.7 or later (10.0 branch) or 10.2.4 or later (10.2 branch); the CISA remediation deadline is June 21, 2026.
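A triage helper for checking an inventory of Splunk Enterprise hosts against the affected ranges stated above. This is an added example, not code from the advisory or from Splunk; the hostnames and version strings in SAMPLE_INVENTORY are constructed, and versions on branches the advisory does not cover are reported as "not listed" rather than assumed safe.

```python
"""Classify installed Splunk Enterprise versions against the advisory ranges:
10.0.x below 10.0.7 and 10.2.x below 10.2.4 are affected."""
import re

# Fixed version per affected branch, taken from the advisory text.
FIXED = {(10, 0): (10, 0, 7), (10, 2): (10, 2, 4)}

# Constructed sample inventory: hostname -> reported Splunk Enterprise version.
SAMPLE_INVENTORY = {
    "splunk-sh-01": "10.0.6",
    "splunk-idx-01": "10.0.7",
    "splunk-idx-02": "10.2.3",
    "splunk-hf-01": "10.2.4.1",
    "splunk-legacy": "9.4.2",
}


def parse_version(text):
    """Return (major, minor, patch); extra build components are ignored."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:\.\d+)*", text.strip())
    if not m:
        raise ValueError(f"unrecognised Splunk version string: {text!r}")
    return tuple(int(p) for p in m.groups())


def classify(version):
    """Return 'affected', 'fixed', or 'not listed' for one version string."""
    major, minor, patch = parse_version(version)
    fixed = FIXED.get((major, minor))
    if fixed is None:
        return "not listed"  # branch not covered by this advisory; do not assume safe
    return "affected" if (major, minor, patch) < fixed else "fixed"


def triage(inventory):
    """Map every host to its status so affected hosts can be patched first."""
    return {host: classify(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host:15} {status}")
```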