Splunk security advisory (AV26-586) – Update 1
Actively exploited. At least one CVE in this advisory is listed in the CISA Known Exploited Vulnerabilities catalog — exploitation has been observed in the wild. Treat remediation as urgent.
Serial number: AV26-586 Date: June 10, 2026 Update: June 18, 2026 On June 10, 2026, Splunk published security advisories to address vulnerabilities in the following products: Splunk SOAR – versions prior to 8.5.0 Splunk Enterprise – multiple versions and platforms Splunk Cloud Platform – multiple versions and platforms Update 1 On June 18, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-20253 to their Known Exploited Vulnerabilities (KEV) Database. The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates. Splunk Security Advisories CISA KEV: CVE-2026-20253
CSIRTS triage
- What
- This advisory addresses vulnerabilities in Splunk products.
- Who is affected
- Users of Splunk SOAR, Splunk Enterprise, and Splunk Cloud Platform are affected.
- Urgency
- Remediation is important as exploitation is known and vulnerabilities are present.
- Action
- Update to Splunk SOAR version 8.5.0 or later.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch Splunk SOAR, Splunk Enterprise, Splunk Cloud Platform
Get an email when a new Splunk SOAR, Splunk Enterprise, Splunk Cloud Platform advisory drops — max one per day, one-click unsubscribe.
Details
Original advisory: https://cyber.gc.ca/en/alerts-advisories/splunk-security-advisory-av26-586
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Exploitation confirmedCVE-2026-20253Already exploited in the wild (CISA KEV) — the prediction phase is over. Patch now. Riskier than 100% of all scored CVEs.
Referenced CVEs
| CVE | CSIRTS overview | External |
|---|---|---|
| CVE-2026-20253 | coverage & exploitation status | NVD · CVE.org |
Same CVEs, other sources
How other CERTs, PSIRTs and databases cover the vulnerabilities in this advisory.
- unknownexploitedNCSC-2026-0198 [1.01] [M/H] Vulnerabilities fixed in Splunk Enterprise and Splunk Cloud Platformncsc-nl
- criticalexploitedCVE-2026-20253: Splunk Enterprise Missing Authentication for Critical Function Vulnerabilitycisa-kev
More from Canadian Centre for Cyber Security
- unknownBitWarden security advisory (AV26-683)2026-07-10
- criticalAL25-007 - Vulnerability impacting Roundcube Webmail – CVE-2025-49113 – Update 12026-07-10
- unknownMicrosoft Edge security advisory (AV26-682)2026-07-10
- criticalBroadcom VMware security advisory (AV26-681)2026-07-10
- unknownDjango security advisory (AV26-084) – Update 12026-07-09