Severity: High · Public exploit available

Remote Code Execution in Splunk Secure Gateway via jsonpickle Deserialization

Identifiers: CVE-2026-20251 · CWE-502 (Deserialization of Untrusted Data)

CVE-2026-20251 is a high-severity, authenticated remote code execution vulnerability affecting Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13; Splunk Cloud Platform versions below 10.3.2512.12, 10.2.2510.14, 10.1.2507.22, and 9.3.2411.132; and Splunk Secure Gateway versions below 3.10.6, 3.9.20, and 3.8.67. The flaw is in the Splunk Secure Gateway alert processing pipeline, which reads documents from the App Key Value Store (specifically the mobile_alerts collection) and deserializes them with the Python jsonpickle library. jsonpickle.decode() honours control tags such as py/object, py/reduce and py/function, importing the modules and calling the callables the JSON names, so a document an attacker can write is executed rather than merely parsed. Supporting reporting indicates that a validator intended to block dangerous content can be bypassed through key ordering: placing an allowed py/object key first makes the validator return success before it inspects sibling keys such as py/reduce. When Splunk Secure Gateway later processes the crafted KV Store document, the malicious object graph is reconstructed and arbitrary OS commands run on the Splunk host in the context of the Splunk service account.
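To make the bypass concrete, here is an added example in plain Python that is neither Splunk's code nor the public PoC. It models the described validator as a check that walks top-level keys in document order and returns success at the first allowed py/object, and sets it beside an order-independent check that rejects any jsonpickle control tag anywhere in the document. The class name spacebridgeapp.data.alert.Alert, the fields alert_id and notification, the allow-list and the set of "dangerous" tags are assumptions for illustration; the gadget follows jsonpickle's py/reduce encoding but is only ever handed to the stdlib json parser, which cannot instantiate or call anything.

```python
import json
from typing import Any, List

# Constructed sample documents in the shape an SSG mobile alert might take in
# the mobile_alerts collection. Field names other than the py/ tags are assumed.
BENIGN_DOC = json.dumps({
    "alert_id": "a1b2c3",
    "notification": {"title": "Disk usage high", "severity": "warning"},
})

# Gadget in jsonpickle's py/reduce encoding: callable plus argument tuple.
# It describes subprocess.check_output(["uname", "-a"]), the benign payload the
# public PoC uses. Nothing in this file ever hands it to jsonpickle.decode().
GADGET = {
    "py/reduce": [
        {"py/function": "subprocess.check_output"},
        {"py/tuple": [["uname", "-a"]]},
    ]
}

# Crafted document as described above: the allowed py/object tag comes first,
# the gadget hides under a sibling key. The class name is an assumption.
CRAFTED_DOC = json.dumps({
    "py/object": "spacebridgeapp.data.alert.Alert",
    "notification": GADGET,
})

# Variants with the gadget as a top-level sibling, in both key orders, to show
# that the flawed check depends purely on which key it meets first.
TOP_LEVEL_VARIANT = json.dumps({"py/object": "spacebridgeapp.data.alert.Alert", **GADGET})
REORDERED_VARIANT = json.dumps({**GADGET, "py/object": "spacebridgeapp.data.alert.Alert"})

ALLOWED_OBJECT_PREFIX = "spacebridgeapp."          # assumed allow-list
DANGEROUS_TAGS = {"py/reduce", "py/function", "py/repr", "py/type", "py/newargs"}


def flawed_validator(raw: str) -> bool:
    """Models the bypassed check: iterate top-level keys in document order and
    return success as soon as an allowed py/object is seen. Siblings after it
    and anything nested are never inspected."""
    doc = json.loads(raw)
    for key, value in doc.items():
        if key == "py/object" and str(value).startswith(ALLOWED_OBJECT_PREFIX):
            return True                      # early exit: the bypass
        if key in DANGEROUS_TAGS:
            return False
    return True


def find_pickle_tags(node: Any, path: str = "$") -> List[str]:
    """Collect every jsonpickle control key (anything starting with 'py/'),
    with its JSON path, at any depth, inside lists as well as dicts."""
    hits: List[str] = []
    if isinstance(node, dict):
        for key, value in node.items():
            if isinstance(key, str) and key.startswith("py/"):
                hits.append(f"{path}.{key}")
            hits.extend(find_pickle_tags(value, f"{path}.{key}"))
    elif isinstance(node, list):
        for i, item in enumerate(node):
            hits.extend(find_pickle_tags(item, f"{path}[{i}]"))
    return hits


def scan(raw: str) -> List[str]:
    """Parse with the stdlib json module (which only builds dicts, lists and
    scalars, never objects) and report the control tags found."""
    return find_pickle_tags(json.loads(raw))


def hardened_validator(raw: str) -> bool:
    """Order-independent: reject the document if any py/ tag occurs anywhere."""
    return not scan(raw)


ALERT_FIELDS = ("alert_id", "notification")       # assumed plain fields


def load_alert(raw: str) -> dict:
    """Safe replacement for jsonpickle.decode() on untrusted KV Store content:
    validate, then copy only known plain fields, so no reconstruction path exists."""
    if not hardened_validator(raw):
        raise ValueError("jsonpickle control tags in untrusted alert document")
    doc = json.loads(raw)
    return {k: doc[k] for k in ALERT_FIELDS if k in doc}


if __name__ == "__main__":
    print("flawed validator, py/object first :", flawed_validator(CRAFTED_DOC))
    print("flawed validator, gadget first    :", flawed_validator(REORDERED_VARIANT))
    print("control tags in crafted document  :", scan(CRAFTED_DOC))
    print("hardened validator, crafted       :", hardened_validator(CRAFTED_DOC))
    print("safe load of benign document      :", load_alert(BENIGN_DOC))
```

The point of the hardened variant is not the longer tag list but the shape of the check: it parses with a library that has no object-construction semantics, it walks the whole tree, and it never returns success early. Whether jsonpickle is called with safe=True or not is irrelevant once the untrusted document never reaches jsonpickle at all.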


Impact, mitigation & remediation


Impact

What an attacker gets.

Successful exploitation allows a low-privileged authenticated attacker who does not have the Splunk 'admin' or 'power' roles to execute arbitrary code on the Splunk host. This can result in full compromise of the Splunk application context, execution of operating system commands, unauthorized access to data available to the Splunk service account, modification of Splunk configuration or app content, and potential follow-on actions such as persistence or lateral movement depending on host privileges and environment configuration.

Mitigation

If you can’t patch tonight, do this now.

If immediate patching is not possible, disable or remove the Splunk Secure Gateway app as a temporary mitigation; supporting content notes this also disables related functionality, including Splunk Mobile, Spacebridge, and Mission Control integrations. Where feasible, reduce the number of low-privileged accounts that can reach the Splunk REST API and Secure Gateway endpoints. Monitor for writes to the mobile_alerts KV Store collection by accounts that have no business writing there, for documents in that collection containing jsonpickle control keys (any key beginning with py/), and for anomalous use of the REST API endpoints associated with Secure Gateway alert processing.
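As an added example of the monitoring step (not from the page's source and not Splunk's code), the following script hunts for successful write requests to the mobile_alerts KV Store collection in lines shaped like splunkd_access.log. The sample lines are constructed; the log layout, the service account name svc_ssg and the app path under /servicesNS/nobody/splunk_secure_gateway/ are assumptions to check against your own deployment.

```python
import re
from typing import Dict, FrozenSet, Iterable, List

# Constructed sample lines in the layout of Splunk's splunkd_access.log
# (client, user, timestamp, request line, status, bytes, timing fields). The
# layout should be confirmed against your own version; nothing here was
# captured from a real host. svc_ssg is an assumed service account name.
SAMPLE_LOG = """\
127.0.0.1 - admin [26/Jun/2026:10:01:02.345 +0000] "GET /services/server/info HTTP/1.1" 200 3412 - - - 4ms
10.0.0.23 - jdoe [26/Jun/2026:10:02:17.001 +0000] "POST /servicesNS/nobody/splunk_secure_gateway/storage/collections/data/mobile_alerts HTTP/1.1" 201 96 - - - 12ms
10.0.0.23 - jdoe [26/Jun/2026:10:02:18.777 +0000] "POST /servicesNS/nobody/splunk_secure_gateway/storage/collections/data/mobile_alerts/batch_save HTTP/1.1" 200 210 - - - 9ms
10.0.0.5 - svc_ssg [26/Jun/2026:10:03:00.000 +0000] "POST /servicesNS/nobody/splunk_secure_gateway/storage/collections/data/mobile_alerts HTTP/1.1" 201 120 - - - 7ms
10.0.0.23 - jdoe [26/Jun/2026:10:03:30.500 +0000] "GET /servicesNS/nobody/splunk_secure_gateway/storage/collections/data/mobile_alerts?output_mode=json HTTP/1.1" 200 5000 - - - 6ms
10.0.0.9 - jdoe [26/Jun/2026:10:04:00.000 +0000] "POST /servicesNS/nobody/search/storage/collections/data/other_collection HTTP/1.1" 201 88 - - - 5ms
10.0.0.23 - jdoe [26/Jun/2026:10:04:10.000 +0000] "PUT /servicesNS/nobody/splunk_secure_gateway/storage/collections/data/mobile_alerts/abc123 HTTP/1.1" 403 0 - - - 2ms
"""

LINE_RE = re.compile(
    r'^(?P<client>\S+) - (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)
WRITE_METHODS = {"POST", "PUT", "DELETE"}
COLLECTION_RE = re.compile(r"/storage/collections/data/([^/?]+)")


def parse_access_line(line: str) -> Dict[str, str]:
    """Split one access-log line into its fields; {} if the line does not match."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else {}


def kvstore_collection(path: str) -> str:
    """Collection name for a KV Store data endpoint
    (/storage/collections/data/<collection>[/<key>|/batch_save][?query]), else ''."""
    m = COLLECTION_RE.search(path)
    return m.group(1) if m else ""


def find_suspicious_writes(
    lines: Iterable[str],
    collection: str = "mobile_alerts",
    trusted_users: FrozenSet[str] = frozenset(),
) -> List[Dict[str, str]]:
    """Return successful (2xx) write requests to the given collection, excluding
    users you have positively identified as legitimate writers. Denied writes
    (403) are dropped here but are worth a separate look as attempts."""
    hits = []
    for line in lines:
        rec = parse_access_line(line)
        if not rec or rec["method"] not in WRITE_METHODS:
            continue
        if kvstore_collection(rec["path"]) != collection:
            continue
        if rec["user"] in trusted_users or not rec["status"].startswith("2"):
            continue
        hits.append({k: rec[k] for k in ("ts", "client", "user", "method", "path")})
    return hits


if __name__ == "__main__":
    for hit in find_suspicious_writes(SAMPLE_LOG.splitlines(), trusted_users=frozenset({"svc_ssg"})):
        print(hit["ts"], hit["client"], hit["user"], hit["method"], hit["path"])
```

The access log does not carry request bodies, so a hit tells you who wrote to the collection and when, not what was written; pull the flagged documents out of the collection and inspect them for keys beginning with py/ before drawing conclusions. Inside Splunk the equivalent starting point is a search over index=_internal sourcetype=splunkd_access for POST or PUT requests whose uri_path contains storage/collections/data/mobile_alerts, grouped by user; confirm the field names against your own extraction before relying on it.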

Remediation

Patch, then assume compromise.

Upgrade affected products to fixed versions. For Splunk Enterprise, upgrade to 10.2.4, 10.0.7, 9.4.12, 9.3.13, or later fixed releases. For Splunk Cloud Platform, upgrade to 10.3.2512.12, 10.2.2510.14, 10.1.2507.22, 9.3.2411.132, or later. For Splunk Secure Gateway, upgrade to 3.10.6, 3.9.20, 3.8.67, or later. Apply the vendor-provided patched versions across both the core platform and the Splunk Secure Gateway app where applicable.

Exploits

1 valid exploit after Mallory filtered fakes, detection scripts, and README-only repos.

CVE-2026-20251 · Maturity: PoC · Verified exploit

The repository is a small proof-of-concept package for CVE-2026-20251 affecting Splunk Secure Gateway. It contains one executable Python PoC (poc_cve_2026_20251.py) plus supporting documentation in README.md, hashnode-article.md, and engagement.json. The PoC is not a full end-to-end remote exploit client; it demonstrates the two primitives that compose the real attack chain: (1) bypass of Splunk Secure Gateway's check_alert_data_valid_json() validator by placing an allowed top-level 'py/object' key first and hiding a py/reduce gadget under a sibling 'notification' value, and (2) execution of that gadget through jsonpickle.decode(..., safe=True), showing that the safe flag does not block the py/reduce, py/function and py/object restoration paths. The capability described by the repository is authenticated remote code execution on the Splunk host as the Splunk service account, achieved by writing a crafted document into the 'mobile_alerts' KV Store collection via Splunk's REST API and waiting for Secure Gateway to deserialize it. The included payload is intentionally benign: subprocess.check_output(['uname','-a']) to print system information. Hard-coded test context that can be used to fingerprint the PoC includes the local test host 127.0.0.1, Splunk management port 8089, KV Store/mongod port 8191, the SSG bundled library path /Applications/Splunk/etc/apps/splunk_secure_gateway/lib, and the vulnerable source files under bin/spacebridgeapp/. Overall, this is a credible, non-weaponized Python PoC focused on vulnerability verification and exploit-chain explanation rather than automated exploitation.

Source: reactivezero · Disclosed Jun 26, 2026 · Tags: python, markdown, network, web

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

Vendor   Product                 Type
Splunk   Cloud Platform          application
Splunk   Enterprise              application
Splunk   Secure Gateway          application
Splunk   Splunk                  application
Splunk   Splunk Cloud Platform   application
Splunk   Splunk Secure Gateway   application

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.
