CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

Splunk security advisory (AV26-586) – Update 1

unknownknown exploitedpublic exploitCVE-2026-20253
Actively exploited. At least one CVE in this advisory is listed in the CISA Known Exploited Vulnerabilities catalog — exploitation has been observed in the wild. Treat remediation as urgent.
Serial number: AV26-586 Date: June 10, 2026 Update: June 18, 2026 On June 10, 2026, Splunk published security advisories to address vulnerabilities in the following products: Splunk SOAR – versions prior to 8.5.0 Splunk Enterprise – multiple versions and platforms Splunk Cloud Platform – multiple versions and platforms Update 1 On June 18, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-20253 to their Known Exploited Vulnerabilities (KEV) Database. The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates. Splunk Security Advisories CISA KEV: CVE-2026-20253

CSIRTS triage

What
This advisory addresses vulnerabilities in Splunk products.
Who is affected
Users of Splunk SOAR, Splunk Enterprise, and Splunk Cloud Platform are affected.
Urgency
Remediation is important as exploitation is known and vulnerabilities are present.
Action
Update to Splunk SOAR version 8.5.0 or later.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch Splunk SOAR, Splunk Enterprise, Splunk Cloud Platform

Get an email when a new Splunk SOAR, Splunk Enterprise, Splunk Cloud Platform advisory drops — max one per day, one-click unsubscribe.

Details

Source
Canadian Centre for Cyber Security (CA · national-cert · site)
Severity
unknown
Published
2026-06-18
Exploitation
Observed in the wild (CISA KEV)

Original advisory: https://cyber.gc.ca/en/alerts-advisories/splunk-security-advisory-av26-586

Exploitation outlook

EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.

Referenced CVEs

CVECSIRTS overviewExternal
CVE-2026-20253coverage & exploitation statusNVD · CVE.org

Same CVEs, other sources

How other CERTs, PSIRTs and databases cover the vulnerabilities in this advisory.

More from Canadian Centre for Cyber Security