Last updated: July 5, 2026 at 9:01 AM UTC
Tag: postgresql (3 articles)

Critical Splunk Enterprise flaw allows unauthenticated remote code execution

Splunk has patched a critical flaw in Splunk Enterprise that lets an unauthenticated attacker run code on the server, a serious risk given Splunk often sits at the heart of a company's security monitoring. The bug (CVE-2026-20253, rated 9.8) is in the PostgreSQL sidecar service added in Splunk 10, whose internal API has no authentication yet is reachable through the main web app's proxy. An attacker can write or overwrite files on the host and chain that into remote code execution. The sidecar is off by default on on-premises Windows but enabled out of the box on Splunk Enterprise running in AWS. Splunk Cloud is not affected.

Check
Check Splunk Enterprise versions and whether the PostgreSQL sidecar service is enabled, especially on AWS-hosted instances, and use watchTowr's detection tool to test for unauthenticated access to the API.
Affected
Splunk Enterprise 10 and later below versions 10.2.4 and 10.0.7 with the PostgreSQL sidecar service active (CVE-2026-20253); AWS-hosted instances are exposed by default. Splunk Cloud is unaffected.
Fix
Upgrade Splunk Enterprise to 10.2.4 or 10.0.7 or later immediately. Until patched, restrict network access to the web interface and sidecar endpoints, and disable the sidecar service if unused.

Drupal critical SQL injection CVE-2026-9082 now actively exploited in PostgreSQL sites, added to CISA KEV - patch immediately

Drupal has issued an update to its highly critical PSA-2026-05-18 advisory confirming that exploit attempts for CVE-2026-9082 are now being detected in the wild. The bug is an SQL injection in Drupal's database abstraction API that lets unauthenticated requests trigger arbitrary SQL on sites running PostgreSQL, with possible escalation to RCE, privilege escalation, and information disclosure. Drupal rates it 23 out of 25 on its internal scale, although NIST's CVSS v3 score is a mismatched 6.5. CISA added it to KEV on May 22. Affected versions cover Drupal 8.9.x and all 10.x and 11.x branches before 10.4.10, 10.5.10, 10.6.9, 11.1.10, 11.2.12, and 11.3.10.

Check
Inventory Drupal sites, confirm core version, and identify PostgreSQL deployments (highest impact). Search web access logs for unusual database errors or SQL-pattern requests since 2026-05-20.
Affected
Drupal core 8.9.x, 10.4.x before 10.4.10, 10.5.x before 10.5.10, 10.6.x before 10.6.9, and all 11.x before 11.1.10/11.2.12/11.3.10. PostgreSQL backends face RCE; MySQL still needs the upgrade for Symfony/Twig.
Fix
Upgrade to the patched branch immediately. FCEB agencies must remediate by June 12 per CISA KEV. Apply WAF rules blocking suspicious SQL injection patterns until the patch lands.

Drupal ships highly critical PostgreSQL RCE fix across 11.x and 10.x - SA-CORE patches now live, Drupal 7 unaffected

Drupal has shipped the highly critical core security release teased by PSA-2026-05-18. The flaw lets attackers achieve remote code execution on Drupal sites running PostgreSQL backends. Fixed versions are 11.3.10, 11.2.12, 11.1.10, 10.6.9, 10.5.10, and 10.4.10. The releases for supported branches also pull in upstream Symfony and Twig security fixes, making the upgrade essential even on MySQL deployments. Best-effort manual patches are available for end-of-life Drupal 9.5 and 8.9. Drupal 7 is not affected. The Drupal Security Team had warned that working exploits could follow within hours of disclosure, so administrators should patch now.

Check
Inventory Drupal sites, confirm core version, and identify PostgreSQL-backed deployments (highest-impact path). Check for unusual database queries or admin-account changes during the May 20 disclosure window.
Affected
Drupal core 11.3.x, 11.2.x, 11.1.x, 10.6.x, 10.5.x, 10.4.x. Best-effort patches for EOL 9.5 and 8.9. Drupal 7 not affected. PostgreSQL backends face RCE; MySQL deployments still need the upgrade.
Fix
Upgrade Drupal core to 11.3.10, 11.2.12, 11.1.10, 10.6.9, 10.5.10, or 10.4.10 immediately. For EOL 9.5 and 8.9, apply the manual patches and plan migration to a supported branch.