diff --git a/datasets/attack_techniques/T1210/splunk/SVD-2026-0603/SVD-2026-0603.yml b/datasets/attack_techniques/T1210/splunk/SVD-2026-0603/SVD-2026-0603.yml
new file mode 100644
index 000000000..a11545f63
--- /dev/null
+++ b/datasets/attack_techniques/T1210/splunk/SVD-2026-0603/SVD-2026-0603.yml
@@ -0,0 +1,13 @@
+author: Hiroaki Ogawa, Bhavin Patel, Splunk
+id: d1e1764c-68bc-4c6c-8913-05f899cd009d
+date: '2026-06-23'
+description: Generated datasets for SVD-2026-0603 unauthenticated arbitrary file creation via PostgreSQL sidecar service endpoint in Splunk Enterprise.
+environment: custom
+directory: SVD-2026-0603
+mitre_technique:
+- T1210
+datasets:
+- name: SVD-2026-0603_splunkd_ui_access.log
+ path: /datasets/attack_techniques/T1210/splunk/SVD-2026-0603/SVD-2026-0603_splunkd_ui_access.log
+ sourcetype: splunkd_ui_access
+ source: /opt/splunk/var/log/splunk/splunkd_ui_access.log
diff --git a/datasets/attack_techniques/T1210/splunk/SVD-2026-0603/SVD-2026-0603_splunkd_ui_access.log b/datasets/attack_techniques/T1210/splunk/SVD-2026-0603/SVD-2026-0603_splunkd_ui_access.log
new file mode 100644
index 000000000..61b167c3c
--- /dev/null
+++ b/datasets/attack_techniques/T1210/splunk/SVD-2026-0603/SVD-2026-0603_splunkd_ui_access.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:fe7e31c93b5a0a3ea474c556e30c40eb2f448cc5446eade2e403b4023ce7ca04
+size 4411
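Review bot: The `description` in SVD-2026-0603.yml names the advisory but does not say what the captured `splunkd_ui_access` events contain, for example whether the log holds only the requests to the PostgreSQL sidecar endpoint or those mixed with ordinary UI traffic, so a detection author cannot tell what a search over this dataset should and should not match. The log itself is only a Git LFS pointer in this diff and cannot be read in review, so a sentence on that, and on whether host names, addresses and user names were scrubbed before publishing, belongs in the description. The scalar is also a single line of roughly 150 characters; opening it with `description: >-` and folding the text over indented lines keeps it within the usual line limit without changing the value.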