Splunk Enterprise contains a critical pre-authentication remote code execution vulnerability (CVE-2026-20253, CVSS 9.5) affecting versions 10.0.0 through 10.0.6 and 10.2.0 through 10.2.3, with a working public exploit published June 13, 2026. A successful attack gives an unauthenticated attacker full control of the Splunk server, including access to all indexed log data, the ability to destroy security visibility, and a pivot point into the broader enterprise network. Patched versions are available (10.0.7 and 10.2.4); Splunk Cloud is not affected.