Splunk Secure Gateway jsonpickle deserialization RCE (CVSS 8.8) — assessed, no §2 gate (no ITW, post-auth); NCSC-NL advisory
cve · CVE-2026-20251
Coverage timeline
1
first 2026-06-16 → last 2026-06-16
Briefs
1
1 distinct
Sources cited
9
8 hosts
Sections touched
0
—
Co-occurring entities
0
no co-occurrence
Story timeline
- 2026-06-16CTI Daily Brief — 2026-06-16
Source distribution
- attack.mitre.org2 (22%)
- advisory.splunk.com1 (11%)
- blog.sekoia.io1 (11%)
- enisa.europa.eu1 (11%)
- labs.watchtowr.com1 (11%)
- securityaffairs.com1 (11%)
- thehackernews.com1 (11%)
- wpscan.com1 (11%)
External references
All cited sources (9)
- advisory.splunk.cominlineSplunk SVD-2026-0603https://advisory.splunk.com/advisories/SVD-2026-0603
- attack.mitre.orginlineCommand and Scripting Interpreterhttps://attack.mitre.org/techniques/T1059/
- attack.mitre.orginlineExploit Public-Facing Applicationhttps://attack.mitre.org/techniques/T1190/
- blog.sekoia.ioinlineSekoia TDR, 2026-06-11https://blog.sekoia.io/apt28-an-evolution-of-tradecraft/
- enisa.europa.euinlineENISA, 2026-06-11https://www.enisa.europa.eu/news/cyber-europe-2026-all-eyes-on-the-eus-collective-response-and-resilience
- labs.watchtowr.cominlinewatchTowr Labs, 2026-06-12https://labs.watchtowr.com/why-use-app-level-auth-when-every-database-has-auth-splunk-enterprise-cve-2026-20253-pre-auth-rce/
- securityaffairs.cominlineSecurity Affairs, 2026-06-11https://securityaffairs.com/193530/hacking/cve-2026-10520-exploited-ivanti-sentry-gateways-compromised-shortly-after-patch-release.html
- thehackernews.cominlineThe Hacker Newshttps://thehackernews.com/2026/06/critical-splunk-enterprise-flaw-lets.html
- wpscan.cominlineWPScan, 2026-06-11https://wpscan.com/vulnerability/68addf8c-9ea6-4b62-9f85-e95350b3992e/
Items in briefs about Splunk Secure Gateway jsonpickle deserialization RCE (CVSS 8.8) — assessed, no §2 gate (no ITW, post-auth); NCSC-NL advisory
No parsed item heading or body matches this entity yet. Items match by exact CVE id (for CVE entities), by lead-segment substring of the title in the item heading or body, or by a distinctive anchor token from the title appearing in the item heading. Coverage that lives inside a broader section (no per-item heading) is captured by the Story timeline above.