{
  "variant_id": "cve-2026-20253-variant-database-injection-bypass",
  "created_at": "2026-07-07T20:14:00Z",
  "variant_summary": "Authenticated bypass of the Splunk Enterprise 10.0.7 fix for CVE-2026-20253. The fix added authentication on backup/restore endpoints and changed backupFile to backupName (filename-only), but did NOT sanitize the database parameter, which is still passed as a raw libpq connection string to pg_dump/pg_restore. An authenticated attacker can inject hostaddr=<attacker-ip> to redirect pg_dump at an attacker-controlled Postgres (dumping a malicious DB with lo_export payload), then inject passfile=<.pgpass> + dbname=template1 to redirect pg_restore at the local Splunk Postgres as the postgres_admin superuser. The CHECK constraint in the malicious dump fires lo_export, writing attacker-controlled bytes to an arbitrary path (overwriting a default-enabled modular-input script). Splunk's scheduler then executes the overwritten script as the splunk user, achieving RCE on the FIXED build with the same impact as the original unauthenticated CVE.",
  "relation": "newer_version_sibling",
  "origin_kind": "pruva_variant",
  "repository": "splunk/splunk",
  "submitted_target": {
    "target_kind": "docker_image",
    "commit_sha": "sha256:f3c444ec113bba9456e4ac0879d92503072f3b09721bef97a19637954328d6fd",
    "version": "10.0.6",
    "ref": "10.0.6",
    "display": "splunk/splunk:10.0.6 (vulnerable)"
  },
  "variant_target": {
    "target_kind": "docker_image",
    "commit_sha": "sha256:e47c0e002bd7f9f0ac38dd32a121ee542ab8b98c8042999ea64437be48e24d4b",
    "version": "10.0.7",
    "ref": "10.0.7",
    "display": "splunk/splunk:10.0.7 (fixed - bypass target)"
  },
  "same_root_cause_confidence": "high",
  "same_surface_confidence": "high",
  "claimed_surface": "api_remote",
  "validated_surface": "api_remote",
  "required_entrypoint_kind": "endpoint",
  "required_entrypoint_detail": "Splunk Web (port 8000) proxied PostgreSQL sidecar recovery/backup+restore endpoints, AUTHENTICATED with a Splunk session token, reached from a remote network attacker container on a shared Docker network",
  "attacker_controlled_input": "Authenticated HTTP POST to /en-US/splunkd/__raw/v1/postgres/recovery/backup and /restore on Splunk Web (port 8000) with Authorization: Splunk <token>. The attacker controls: (1) database=hostaddr=<attacker-ip> dbname=testdb (libpq connection string injection to redirect pg_dump at an attacker-controlled Postgres), (2) database=dbname=template1 passfile=<.pgpass> (passfile injection to redirect pg_restore at the local Splunk Postgres as postgres_admin superuser), (3) the malicious database content (PL/pgSQL pwn() function with lo_from_bytea+lo_export embedded in a CHECK constraint). The backupName parameter is validated (filename-only) but the lo_export target path is in the database content, not the API parameter.",
  "trigger_path": "Remote attacker -> authenticate (POST /services/auth/login) -> Splunk Web :8000 (auth) -> proxied PostgreSQL sidecar /v1/postgres/recovery/backup (pg_dump of attacker DB via hostaddr= injection -> BackupComplete) -> /v1/postgres/recovery/restore (pg_restore into local template1 via passfile= injection as postgres_admin superuser; CHECK constraint fires PL/pgSQL lo_export writing attacker Python over the default-enabled ssg_enable_modular_input.py) -> Splunk modular-input scheduler executes the overwritten script as the splunk user -> /tmp/pwned/MARKER with uid=...(splunk). Confirmed on FIXED 10.0.7 build.",
  "observed_impact_class": "code_execution",
  "exploitability_confidence": "high",
  "evidence_scope": "production_path",
  "runtime_manifest_present": true,
  "end_to_end_target_reached": true,
  "inferred": false,
  "claim_block_reason": null,
  "blocking_mitigation": null,
  "file_path": "postgres-service/internal/postgres/postgres_recovery_manager.go",
  "line_start": 181,
  "line_end": 203,
  "secondary_anchors": [
    {
      "file_path": "postgres-service/api/server.go",
      "line_start": 225,
      "line_end": 283
    }
  ],
  "review_scope_paths": [
    "postgres-service/internal/postgres/postgres_recovery_manager.go",
    "postgres-service/api/server.go",
    "postgres-service/internal/postgres/"
  ],
  "artifact_refs": {
    "variant_manifest": "bundle/vuln_variant/variant_manifest.json",
    "validation_verdict": "bundle/vuln_variant/validation_verdict.json",
    "runtime_manifest": "bundle/vuln_variant/runtime_manifest.json",
    "repro_log": "bundle/logs/vuln_variant/variant_reproduction.log",
    "root_cause_equivalence": "bundle/vuln_variant/root_cause_equivalence.json",
    "reproducer": [
      "bundle/vuln_variant/reproduction_steps.sh",
      "bundle/vuln_variant/variant_bypass_proof.txt",
      "bundle/vuln_variant/variant_rce_marker.txt"
    ]
  }
}
