CVE-2026-20253 is a critical unauthenticated vulnerability in Splunk Enterprise’s PostgreSQL sidecar service endpoint that allows remote attackers to create or truncate arbitrary files on the underlying host without any credentials, with a credible path to remote code execution. Active exploitation is confirmed, a public proof-of-concept is circulating, and the EPSS score places this at the 95th percentile for near-term exploitation probability. Internet-exposed Splunk instances on versions 10.2.0 through 10.2.3 or 10.0.0 through 10.0.6 are at immediate material risk.