WatchTowr Labs detailed the exploitation of CVE-2026-20253, a critical pre-authentication Remote Code Execution (RCE) vulnerability in Splunk Enterprise. By abusing unauthenticated PostgreSQL Sidecar Service endpoints and injecting connection string parameters, attackers can force the server to connect to an external database, write malicious files to the filesystem, and overwrite legitimate scripts to achieve arbitrary code execution.