CVE-2026-20253 is a CISA KEV-listed, actively exploited critical RCE vulnerability in Splunk Enterprise that allows unauthenticated attackers to write arbitrary files and achieve full system compromise on versions 10.0.0 through 10.0.6 and 10.2.0 through 10.2.3. The attack surface is an exposed, unauthenticated PostgreSQL sidecar service endpoint, and a public proof-of-concept has been available since June 12, 2026. Compromise of a Splunk Enterprise instance means an attacker can tamper with or suppress the security telemetry that defenders rely on, effectively blinding the SOC while an intrusion proceeds.
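A version triage for the affected ranges stated above, as an added example (not code from Splunk or from this advisory): it parses `splunk version` output or the contents of `$SPLUNK_HOME/etc/splunk.version` and flags hosts that fall in range. Hostnames and build ids are constructed, and `not-listed` means only that the version is outside the ranges this page gives, not that it is patched.

```python
import re

# Inclusive ranges exactly as stated in the text above.
AFFECTED_RANGES = [((10, 0, 0), (10, 0, 6)), ((10, 2, 0), (10, 2, 3))]

# Accepts "Splunk 10.0.3 (build ...)" as printed by `splunk version` and the
# "VERSION=10.0.3" line of $SPLUNK_HOME/etc/splunk.version.
_VERSION_RE = re.compile(r"(?:^|\s)(?:Splunk\s+|VERSION=)(\d+)\.(\d+)\.(\d+)", re.M)


def parse_version(text):
    """Return (major, minor, patch) as ints, or None if no Enterprise version found."""
    m = _VERSION_RE.search(text)
    return tuple(int(g) for g in m.groups()) if m else None


def classify(text):
    """Return 'affected', 'not-listed' or 'unknown' for one host's version text."""
    version = parse_version(text)
    if version is None:
        # Covers other products (e.g. a forwarder banner) and garbage input:
        # the page only speaks about Splunk Enterprise, so review these by hand.
        return "unknown"
    # Assumption: a fourth component (10.0.6.1) is judged on major.minor.patch,
    # which errs toward flagging the host. Integer tuples avoid "10" < "9" bugs.
    if any(low <= version <= high for low, high in AFFECTED_RANGES):
        return "affected"
    return "not-listed"


def affected_hosts(inventory):
    """Sorted list of hosts whose version text classifies as affected."""
    return sorted(h for h, text in inventory.items() if classify(text) == "affected")


# Constructed sample inventory: host -> collected version text.
SAMPLE_INVENTORY = {
    "idx01.example.internal": "Splunk 10.0.6 (build 0000000000aa)",
    "idx02.example.internal": "VERSION=10.2.0\nBUILD=0000000000bb\nPRODUCT=splunk",
    "sh01.example.internal": "VERSION=10.2.4\nBUILD=0000000000cc\nPRODUCT=splunk",
    "hf01.example.internal": "Splunk 10.1.2 (build 0000000000dd)",
    "uf01.example.internal": "Splunk Universal Forwarder 10.0.3 (build 0000000000ee)",
}

if __name__ == "__main__":
    for host, text in sorted(SAMPLE_INVENTORY.items()):
        print(f"{host:26} {classify(text)}")
```

Hosts reported as `unknown` need a manual check rather than being treated as clear.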