Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-20137 (GCVE-0-2026-20137)
Vulnerability from cvelistv5 – Published: 2026-02-18 16:45 – Updated: 2026-02-18 17:55
VLAI
EPSS
Title
Risky Commands Safeguards Bypass through preloaded Data Models due to Path Traversal vulnerability in Splunk Enterprise
Summary
In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.5, 9.3.7, and 9.2.9, and Splunk Cloud Platform versions below 10.1.2507.0, 10.0.2503.9, 9.3.2411.112, and 9.3.2408.122, a low-privileged user who does not hold the "admin" or "power" Splunk roles could bypass the SPL safeguards for risky commands when they create a Data Model that contains an injected SPL query within an object. They can bypass the safeguards by exploiting a path traversal vulnerability.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-200 - The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Splunk | Splunk Enterprise |
Affected:
10.2 , < 10.2.0
(custom)
Affected: 10.0 , < 10.0.3 (custom) Affected: 9.4 , < 9.4.5 (custom) Affected: 9.3 , < 9.3.7 (custom) Affected: 9.2 , < 9.2.9 (custom) |
|
| Splunk | Splunk Cloud Platform |
Affected:
10.1.2507 , < 10.1.2507.0
(custom)
Affected: 10.0 , < 10.0.2503.9 (custom) Affected: 9.3.2411 , < 9.3.2411.112 (custom) Affected: 9.3.2408 , < 9.3.2408.122 (custom) |
Date Public
2026-02-18 00:00
Credits
Anton (therceman)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20137",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-18T17:52:56.461958Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-18T17:55:22.684Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Splunk Enterprise",
"vendor": "Splunk",
"versions": [
{
"lessThan": "10.2.0",
"status": "affected",
"version": "10.2",
"versionType": "custom"
},
{
"lessThan": "10.0.3",
"status": "affected",
"version": "10.0",
"versionType": "custom"
},
{
"lessThan": "9.4.5",
"status": "affected",
"version": "9.4",
"versionType": "custom"
},
{
"lessThan": "9.3.7",
"status": "affected",
"version": "9.3",
"versionType": "custom"
},
{
"lessThan": "9.2.9",
"status": "affected",
"version": "9.2",
"versionType": "custom"
}
]
},
{
"product": "Splunk Cloud Platform",
"vendor": "Splunk",
"versions": [
{
"lessThan": "10.1.2507.0",
"status": "affected",
"version": "10.1.2507",
"versionType": "custom"
},
{
"lessThan": "10.0.2503.9",
"status": "affected",
"version": "10.0",
"versionType": "custom"
},
{
"lessThan": "9.3.2411.112",
"status": "affected",
"version": "9.3.2411",
"versionType": "custom"
},
{
"lessThan": "9.3.2408.122",
"status": "affected",
"version": "9.3.2408",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Anton (therceman)"
}
],
"datePublic": "2026-02-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.5, 9.3.7, and 9.2.9, and Splunk Cloud Platform versions below 10.1.2507.0, 10.0.2503.9, 9.3.2411.112, and 9.3.2408.122, a low-privileged user who does not hold the \"admin\" or \"power\" Splunk roles could bypass the SPL safeguards for risky commands when they create a Data Model that contains an injected SPL query within an object. They can bypass the safeguards by exploiting a path traversal vulnerability."
}
],
"value": "In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.5, 9.3.7, and 9.2.9, and Splunk Cloud Platform versions below 10.1.2507.0, 10.0.2503.9, 9.3.2411.112, and 9.3.2408.122, a low-privileged user who does not hold the \"admin\" or \"power\" Splunk roles could bypass the SPL safeguards for risky commands when they create a Data Model that contains an injected SPL query within an object. They can bypass the safeguards by exploiting a path traversal vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-18T16:45:17.606Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2026-0202"
}
],
"source": {
"advisory": "SVD-2026-0202"
},
"title": "Risky Commands Safeguards Bypass through preloaded Data Models due to Path Traversal vulnerability in Splunk Enterprise"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20137",
"datePublished": "2026-02-18T16:45:17.606Z",
"dateReserved": "2025-10-08T11:59:15.381Z",
"dateUpdated": "2026-02-18T17:55:22.684Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-20137",
"date": "2026-06-17",
"epss": "0.00222",
"percentile": "0.12567"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-20137\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2026-02-18T18:24:22.637\",\"lastModified\":\"2026-02-20T13:53:39.890\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.5, 9.3.7, and 9.2.9, and Splunk Cloud Platform versions below 10.1.2507.0, 10.0.2503.9, 9.3.2411.112, and 9.3.2408.122, a low-privileged user who does not hold the \\\"admin\\\" or \\\"power\\\" Splunk roles could bypass the SPL safeguards for risky commands when they create a Data Model that contains an injected SPL query within an object. They can bypass the safeguards by exploiting a path traversal vulnerability.\"},{\"lang\":\"es\",\"value\":\"En las versiones de Splunk Enterprise anteriores a 10.2.0, 10.0.3, 9.4.5, 9.3.7 y 9.2.9, y en las versiones de Splunk Cloud Platform anteriores a 10.1.2507.0, 10.0.2503.9, 9.3.2411.112 y 9.3.2408.122, un usuario con pocos privilegios que no posea los roles de Splunk \u0027admin\u0027 o \u0027power\u0027 podr\u00eda eludir las salvaguardas de SPL para comandos arriesgados cuando crea un Modelo de Datos que contiene una consulta SPL inyectada dentro de un objeto. Puede eludir las salvaguardas explotando una vulnerabilidad de salto de ruta.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@cisco.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N\",\"baseScore\":3.5,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.1,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N\",\"baseScore\":5.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.1,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"psirt@cisco.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*\",\"versionStartIncluding\":\"9.2.0\",\"versionEndExcluding\":\"9.2.9\",\"matchCriteriaId\":\"FE00218E-F8B2-42DA-9E4E-D7A00B657B93\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*\",\"versionStartIncluding\":\"9.3.0\",\"versionEndExcluding\":\"9.3.7\",\"matchCriteriaId\":\"C6257ADA-AB6E-4679-A41B-BCE79CE8D573\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*\",\"versionStartIncluding\":\"9.4.0\",\"versionEndExcluding\":\"9.4.5\",\"matchCriteriaId\":\"30970DF3-6DA7-4FAB-B234-3226F47F9C87\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*\",\"versionStartIncluding\":\"10.0.0\",\"versionEndExcluding\":\"10.0.3\",\"matchCriteriaId\":\"CB313879-7BD8-411A-B503-01689F0B326E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.3.2408\",\"versionEndExcluding\":\"9.3.2408.122\",\"matchCriteriaId\":\"2EEE3994-A508-46E7-81D6-C038C68235E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.3.2411\",\"versionEndExcluding\":\"9.3.2411.112\",\"matchCriteriaId\":\"8C929336-F50D-4AFC-BCF9-CCA5BF89E599\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.0.2503\",\"versionEndExcluding\":\"10.0.2503.9\",\"matchCriteriaId\":\"62714243-8A5F-4908-BD39-7B1026B8E7D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:splunk:splunk_cloud_platform:10.1.2507:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56CBDDE1-EBD2-4E82-A7B7-CE4F0F27BF21\"}]}]}],\"references\":[{\"url\":\"https://advisory.splunk.com/advisories/SVD-2026-0202\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-20137\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-02-18T17:52:56.461958Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-02-18T17:55:17.640Z\"}}], \"cna\": {\"title\": \"Risky Commands Safeguards Bypass through preloaded Data Models due to Path Traversal vulnerability in Splunk Enterprise\", \"source\": {\"advisory\": \"SVD-2026-0202\"}, \"credits\": [{\"lang\": \"en\", \"value\": \"Anton (therceman)\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 3.5, \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Splunk\", \"product\": \"Splunk Enterprise\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.2\", \"lessThan\": \"10.2.0\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"10.0\", \"lessThan\": \"10.0.3\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"9.4\", \"lessThan\": \"9.4.5\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"9.3\", \"lessThan\": \"9.3.7\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"9.2\", \"lessThan\": \"9.2.9\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Splunk\", \"product\": \"Splunk Cloud Platform\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.1.2507\", \"lessThan\": \"10.1.2507.0\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"10.0\", \"lessThan\": \"10.0.2503.9\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"9.3.2411\", \"lessThan\": \"9.3.2411.112\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"9.3.2408\", \"lessThan\": \"9.3.2408.122\", \"versionType\": \"custom\"}]}], \"datePublic\": \"2026-02-18T00:00:00.000Z\", \"references\": [{\"url\": \"https://advisory.splunk.com/advisories/SVD-2026-0202\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.5, 9.3.7, and 9.2.9, and Splunk Cloud Platform versions below 10.1.2507.0, 10.0.2503.9, 9.3.2411.112, and 9.3.2408.122, a low-privileged user who does not hold the \\\"admin\\\" or \\\"power\\\" Splunk roles could bypass the SPL safeguards for risky commands when they create a Data Model that contains an injected SPL query within an object. They can bypass the safeguards by exploiting a path traversal vulnerability.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.5, 9.3.7, and 9.2.9, and Splunk Cloud Platform versions below 10.1.2507.0, 10.0.2503.9, 9.3.2411.112, and 9.3.2408.122, a low-privileged user who does not hold the \\\"admin\\\" or \\\"power\\\" Splunk roles could bypass the SPL safeguards for risky commands when they create a Data Model that contains an injected SPL query within an object. They can bypass the safeguards by exploiting a path traversal vulnerability.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"cwe\", \"cweId\": \"CWE-200\", \"description\": \"The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.\"}]}], \"providerMetadata\": {\"orgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"shortName\": \"cisco\", \"dateUpdated\": \"2026-02-18T16:45:17.606Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-20137\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-02-18T17:55:22.684Z\", \"dateReserved\": \"2025-10-08T11:59:15.381Z\", \"assignerOrgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"datePublished\": \"2026-02-18T16:45:17.606Z\", \"assignerShortName\": \"cisco\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
CERTFR-2026-AVI-0188
Vulnerability from certfr_avis - Published: 2026-02-19 - Updated: 2026-02-19
De multiples vulnérabilités ont été découvertes dans les produits Splunk. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 10.0.x antérieures à 10.0.2503.9 | ||
| Splunk | Universal Forwarder | Splunk Universal Forwarder versions 9.4.x antérieures à 9.4.8 | ||
| Splunk | Universal Forwarder | Splunk Universal Forwarder versions 9.3.x antérieures à 9.3.9 | ||
| Splunk | Universal Forwarder | Splunk Universal Forwarder versions 10.0.x antérieures à 10.0.3 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 9.3.x antérieures à 9.3.9 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 10.0.x antérieures à 10.0.3 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 9.4.x antérieures à 9.4.8 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 9.2.x antérieures à 9.2.12 | ||
| Splunk | Splunk DB Connect | Splunk DB Connect versions 4.2.x antérieures à 4.2.0 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 10.1.2507 antérieures à 10.1.2507.11 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 10.0.2503 antérieures à 10.0.2503.9 | ||
| Splunk | Universal Forwarder | Splunk Universal Forwarder versions 9.2.x antérieures à 9.2.12 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 10.2.2510 antérieures à 10.2.2510.3 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 9.3.2411 antérieures à 9.3.2411.121 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Splunk Cloud Platform versions 10.0.x ant\u00e9rieures \u00e0 10.0.2503.9",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Universal Forwarder versions 9.4.x ant\u00e9rieures \u00e0 9.4.8",
"product": {
"name": "Universal Forwarder",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Universal Forwarder versions 9.3.x ant\u00e9rieures \u00e0 9.3.9",
"product": {
"name": "Universal Forwarder",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Universal Forwarder versions 10.0.x ant\u00e9rieures \u00e0 10.0.3",
"product": {
"name": "Universal Forwarder",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 9.3.x ant\u00e9rieures \u00e0 9.3.9",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 10.0.x ant\u00e9rieures \u00e0 10.0.3",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 9.4.x ant\u00e9rieures \u00e0 9.4.8",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 9.2.x ant\u00e9rieures \u00e0 9.2.12",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk DB Connect versions 4.2.x ant\u00e9rieures \u00e0 4.2.0",
"product": {
"name": "Splunk DB Connect",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 10.1.2507 ant\u00e9rieures \u00e0 10.1.2507.11",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 10.0.2503 ant\u00e9rieures \u00e0 10.0.2503.9",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Universal Forwarder versions 9.2.x ant\u00e9rieures \u00e0 9.2.12",
"product": {
"name": "Universal Forwarder",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 10.2.2510 ant\u00e9rieures \u00e0 10.2.2510.3",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 9.3.2411 ant\u00e9rieures \u00e0 9.3.2411.121",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-58183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
},
{
"name": "CVE-2026-20140",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20140"
},
{
"name": "CVE-2025-53643",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53643"
},
{
"name": "CVE-2025-0913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0913"
},
{
"name": "CVE-2025-47907",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
},
{
"name": "CVE-2025-58185",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58185"
},
{
"name": "CVE-2026-20139",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20139"
},
{
"name": "CVE-2025-15284",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
},
{
"name": "CVE-2025-27210",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27210"
},
{
"name": "CVE-2025-47906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47906"
},
{
"name": "CVE-2025-58188",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58188"
},
{
"name": "CVE-2026-20138",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20138"
},
{
"name": "CVE-2025-61724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61724"
},
{
"name": "CVE-2025-61723",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61723"
},
{
"name": "CVE-2026-21441",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"
},
{
"name": "CVE-2026-20144",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20144"
},
{
"name": "CVE-2025-61725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61725"
},
{
"name": "CVE-2025-22874",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22874"
},
{
"name": "CVE-2025-47912",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47912"
},
{
"name": "CVE-2025-58186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58186"
},
{
"name": "CVE-2025-58187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58187"
},
{
"name": "CVE-2025-4673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
},
{
"name": "CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"name": "CVE-2026-20143",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20143"
},
{
"name": "CVE-2025-23166",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23166"
},
{
"name": "CVE-2026-20141",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20141"
},
{
"name": "CVE-2026-20142",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20142"
},
{
"name": "CVE-2025-58189",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58189"
},
{
"name": "CVE-2025-9230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9230"
},
{
"name": "CVE-2026-20137",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20137"
}
],
"initial_release_date": "2026-02-19T00:00:00",
"last_revision_date": "2026-02-19T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0188",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-02-19T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Splunk. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Splunk",
"vendor_advisories": [
{
"published_at": "2026-02-18",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0210",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0210"
},
{
"published_at": "2026-02-18",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0206",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0206"
},
{
"published_at": "2026-02-18",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0204",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0204"
},
{
"published_at": "2026-02-18",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0211",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0211"
},
{
"published_at": "2026-02-18",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0202",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0202"
},
{
"published_at": "2026-02-18",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0205",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0205"
},
{
"published_at": "2026-02-18",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0203",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0203"
},
{
"published_at": "2026-02-18",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0207",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0207"
},
{
"published_at": "2026-02-18",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0209",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0209"
},
{
"published_at": "2026-02-18",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0208",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0208"
},
{
"published_at": "2026-02-18",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0212",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0212"
}
]
}
FKIE_CVE-2026-20137
Vulnerability from fkie_nvd - Published: 2026-02-18 18:24 - Updated: 2026-06-17 10:17
Severity
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
5.7 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
5.7 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Summary
In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.5, 9.3.7, and 9.2.9, and Splunk Cloud Platform versions below 10.1.2507.0, 10.0.2503.9, 9.3.2411.112, and 9.3.2408.122, a low-privileged user who does not hold the "admin" or "power" Splunk roles could bypass the SPL safeguards for risky commands when they create a Data Model that contains an injected SPL query within an object. They can bypass the safeguards by exploiting a path traversal vulnerability.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@cisco.com | https://advisory.splunk.com/advisories/SVD-2026-0202 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| splunk | splunk | * | |
| splunk | splunk | * | |
| splunk | splunk | * | |
| splunk | splunk | * | |
| splunk | splunk_cloud_platform | * | |
| splunk | splunk_cloud_platform | * | |
| splunk | splunk_cloud_platform | * | |
| splunk | splunk_cloud_platform | 10.1.2507 |
{
"affected": [
{
"affectedData": [
{
"product": "Splunk Enterprise",
"vendor": "Splunk",
"versions": [
{
"lessThan": "10.2.0",
"status": "affected",
"version": "10.2",
"versionType": "custom"
},
{
"lessThan": "10.0.3",
"status": "affected",
"version": "10.0",
"versionType": "custom"
},
{
"lessThan": "9.4.5",
"status": "affected",
"version": "9.4",
"versionType": "custom"
},
{
"lessThan": "9.3.7",
"status": "affected",
"version": "9.3",
"versionType": "custom"
},
{
"lessThan": "9.2.9",
"status": "affected",
"version": "9.2",
"versionType": "custom"
}
]
},
{
"product": "Splunk Cloud Platform",
"vendor": "Splunk",
"versions": [
{
"lessThan": "10.1.2507.0",
"status": "affected",
"version": "10.1.2507",
"versionType": "custom"
},
{
"lessThan": "10.0.2503.9",
"status": "affected",
"version": "10.0",
"versionType": "custom"
},
{
"lessThan": "9.3.2411.112",
"status": "affected",
"version": "9.3.2411",
"versionType": "custom"
},
{
"lessThan": "9.3.2408.122",
"status": "affected",
"version": "9.3.2408",
"versionType": "custom"
}
]
}
],
"source": "psirt@cisco.com"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "FE00218E-F8B2-42DA-9E4E-D7A00B657B93",
"versionEndExcluding": "9.2.9",
"versionStartIncluding": "9.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "C6257ADA-AB6E-4679-A41B-BCE79CE8D573",
"versionEndExcluding": "9.3.7",
"versionStartIncluding": "9.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "30970DF3-6DA7-4FAB-B234-3226F47F9C87",
"versionEndExcluding": "9.4.5",
"versionStartIncluding": "9.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "CB313879-7BD8-411A-B503-01689F0B326E",
"versionEndExcluding": "10.0.3",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2EEE3994-A508-46E7-81D6-C038C68235E7",
"versionEndExcluding": "9.3.2408.122",
"versionStartIncluding": "9.3.2408",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8C929336-F50D-4AFC-BCF9-CCA5BF89E599",
"versionEndExcluding": "9.3.2411.112",
"versionStartIncluding": "9.3.2411",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "62714243-8A5F-4908-BD39-7B1026B8E7D7",
"versionEndExcluding": "10.0.2503.9",
"versionStartIncluding": "10.0.2503",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:10.1.2507:*:*:*:*:*:*:*",
"matchCriteriaId": "56CBDDE1-EBD2-4E82-A7B7-CE4F0F27BF21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.5, 9.3.7, and 9.2.9, and Splunk Cloud Platform versions below 10.1.2507.0, 10.0.2503.9, 9.3.2411.112, and 9.3.2408.122, a low-privileged user who does not hold the \"admin\" or \"power\" Splunk roles could bypass the SPL safeguards for risky commands when they create a Data Model that contains an injected SPL query within an object. They can bypass the safeguards by exploiting a path traversal vulnerability."
},
{
"lang": "es",
"value": "En las versiones de Splunk Enterprise anteriores a 10.2.0, 10.0.3, 9.4.5, 9.3.7 y 9.2.9, y en las versiones de Splunk Cloud Platform anteriores a 10.1.2507.0, 10.0.2503.9, 9.3.2411.112 y 9.3.2408.122, un usuario con pocos privilegios que no posea los roles de Splunk \u0027admin\u0027 o \u0027power\u0027 podr\u00eda eludir las salvaguardas de SPL para comandos arriesgados cuando crea un Modelo de Datos que contiene una consulta SPL inyectada dentro de un objeto. Puede eludir las salvaguardas explotando una vulnerabilidad de salto de ruta."
}
],
"id": "CVE-2026-20137",
"lastModified": "2026-06-17T10:17:11.473",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4,
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2026-20137",
"options": [
{
"exploitation": "none"
},
{
"automatable": "no"
},
{
"technicalImpact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-18T17:52:56.461958Z",
"version": "2.0.3"
}
}
]
},
"published": "2026-02-18T18:24:22.637",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://advisory.splunk.com/advisories/SVD-2026-0202"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-4V8P-Q39M-4PJ8
Vulnerability from github – Published: 2026-02-18 18:30 – Updated: 2026-02-18 18:30
VLAI
Details
In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.5, 9.3.7, and 9.2.9, and Splunk Cloud Platform versions below 10.1.2507.0, 10.0.2503.9, 9.3.2411.112, and 9.3.2408.122, a low-privileged user who does not hold the "admin" or "power" Splunk roles could bypass the SPL safeguards for risky commands when they create a Data Model that contains an injected SPL query within an object. They can bypass the safeguards by exploiting a path traversal vulnerability.
Severity
{
"affected": [],
"aliases": [
"CVE-2026-20137"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-22"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-18T18:24:22Z",
"severity": "LOW"
},
"details": "In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.5, 9.3.7, and 9.2.9, and Splunk Cloud Platform versions below 10.1.2507.0, 10.0.2503.9, 9.3.2411.112, and 9.3.2408.122, a low-privileged user who does not hold the \"admin\" or \"power\" Splunk roles could bypass the SPL safeguards for risky commands when they create a Data Model that contains an injected SPL query within an object. They can bypass the safeguards by exploiting a path traversal vulnerability.",
"id": "GHSA-4v8p-q39m-4pj8",
"modified": "2026-02-18T18:30:40Z",
"published": "2026-02-18T18:30:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20137"
},
{
"type": "WEB",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0202"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
NCSC-2026-0068
Vulnerability from csaf_ncscnl - Published: 2026-02-23 14:27 - Updated: 2026-02-23 14:27Summary
Kwetsbaarheden verholpen in Splunk Enterprise en Splunk Cloud Platform
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Splunk heeft kwetsbaarheden verholpen in Splunk Enterprise en Splunk Cloud Platform.
Interpretaties: De kwetsbaarheden bevinden zich in verschillende versies van Splunk Enterprise en Splunk Cloud Platform. Ze stellen laaggeprivilegieerde gebruikers in staat om beveiligingen te omzeilen, gevoelige informatie te bekijken, en de REST API te misbruiken voor gebruikersauthenticatie. Dit kan leiden tot ongeautoriseerde toegang en verstoring van de service. Specifieke versies van Splunk Enterprise zijn kwetsbaar voor toegang tot de Monitoring Console App endpoints en het inzien van gevoelige configuraties zoals Duo Two-Factor Authentication sleutels, RSA accessKeys, en SAML configuraties in platte tekst. Deze kwetsbaarheden kunnen de integriteit en vertrouwelijkheid van gegevens en authenticatieprocessen in gevaar brengen.
Oplossingen: Splunk heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans: medium
Schade: high
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE-400: Uncontrolled Resource Consumption
CWE-532: Insertion of Sensitive Information into Log File
A vulnerability in specific versions of Splunk Enterprise and Splunk Cloud Platform allows low-privileged users to exploit a path traversal issue, bypassing SPL safeguards when creating a Data Model with an injected SPL query.
CWE-200 - Exposure of Sensitive Information to an Unauthorized ActorAffected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Splunk / Splunk Enterprise
|
vers:unknown/* |
Certain versions of Splunk Enterprise expose sensitive Duo Two-Factor Authentication keys in plain text to users with access to the `_internal` index.
6.8 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Splunk / Splunk Enterprise
|
vers:unknown/* |
A vulnerability in certain versions of Splunk Enterprise and Splunk Cloud Platform allows low-privileged users to exploit the REST API for user authentication, potentially leading to client-side denial-of-service through crafted malicious payloads.
4.3 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Splunk / Splunk Enterprise
|
vers:unknown/* |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Splunk / Splunk Enterprise
|
vers:unknown/* |
A vulnerability in Splunk Enterprise versions below 10.0.2, 10.0.3, 9.4.8, and 9.3.9 allows low-privileged users to access sensitive Monitoring Console App endpoints, risking information disclosure.
4.3 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Splunk / Splunk Enterprise
|
vers:unknown/* |
Certain versions of Splunk Enterprise expose the RSA accessKey in plain text within the Authentication.conf file for users with access to the _internal index.
6.8 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Splunk / Splunk Enterprise
|
vers:unknown/* |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Splunk / Splunk Enterprise
|
vers:unknown/* |
Certain versions of Splunk Enterprise and Splunk Cloud Platform expose sensitive SAML configurations in plain text within the conf.log file for users with access to the _internal index.
6.8 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Splunk / Splunk Enterprise
|
vers:unknown/* |
References
16 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Splunk heeft kwetsbaarheden verholpen in Splunk Enterprise en Splunk Cloud Platform.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden bevinden zich in verschillende versies van Splunk Enterprise en Splunk Cloud Platform. Ze stellen laaggeprivilegieerde gebruikers in staat om beveiligingen te omzeilen, gevoelige informatie te bekijken, en de REST API te misbruiken voor gebruikersauthenticatie. Dit kan leiden tot ongeautoriseerde toegang en verstoring van de service. Specifieke versies van Splunk Enterprise zijn kwetsbaar voor toegang tot de Monitoring Console App endpoints en het inzien van gevoelige configuraties zoals Duo Two-Factor Authentication sleutels, RSA accessKeys, en SAML configuraties in platte tekst. Deze kwetsbaarheden kunnen de integriteit en vertrouwelijkheid van gegevens en authenticatieprocessen in gevaar brengen.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Splunk heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "general",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "general",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "Insertion of Sensitive Information into Log File",
"title": "CWE-532"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0202"
},
{
"category": "external",
"summary": "Reference",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0203"
},
{
"category": "external",
"summary": "Reference",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0204"
},
{
"category": "external",
"summary": "Reference",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0205"
},
{
"category": "external",
"summary": "Reference",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0206"
},
{
"category": "external",
"summary": "Reference",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0207"
},
{
"category": "external",
"summary": "Reference",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0208"
},
{
"category": "external",
"summary": "Reference",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0209"
}
],
"title": "Kwetsbaarheden verholpen in Splunk Enterprise en Splunk Cloud Platform",
"tracking": {
"current_release_date": "2026-02-23T14:27:28.865278Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2026-0068",
"initial_release_date": "2026-02-23T14:27:28.865278Z",
"revision_history": [
{
"date": "2026-02-23T14:27:28.865278Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "Splunk Enterprise"
}
],
"category": "vendor",
"name": "Splunk"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-20137",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "description",
"text": "A vulnerability in specific versions of Splunk Enterprise and Splunk Cloud Platform allows low-privileged users to exploit a path traversal issue, bypassing SPL safeguards when creating a Data Model with an injected SPL query.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20137 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20137.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-20137"
},
{
"cve": "CVE-2026-20138",
"cwe": {
"id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
},
"notes": [
{
"category": "other",
"text": "Insertion of Sensitive Information into Log File",
"title": "CWE-532"
},
{
"category": "description",
"text": "Certain versions of Splunk Enterprise expose sensitive Duo Two-Factor Authentication keys in plain text to users with access to the `_internal` index.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20138 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20138.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-20138"
},
{
"cve": "CVE-2026-20139",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "A vulnerability in certain versions of Splunk Enterprise and Splunk Cloud Platform allows low-privileged users to exploit the REST API for user authentication, potentially leading to client-side denial-of-service through crafted malicious payloads.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20139 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20139.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-20139"
},
{
"cve": "CVE-2026-20140",
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20140 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20140.json"
}
],
"title": "CVE-2026-20140"
},
{
"cve": "CVE-2026-20141",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "description",
"text": "A vulnerability in Splunk Enterprise versions below 10.0.2, 10.0.3, 9.4.8, and 9.3.9 allows low-privileged users to access sensitive Monitoring Console App endpoints, risking information disclosure.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20141 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20141.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-20141"
},
{
"cve": "CVE-2026-20142",
"cwe": {
"id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
},
"notes": [
{
"category": "other",
"text": "Insertion of Sensitive Information into Log File",
"title": "CWE-532"
},
{
"category": "description",
"text": "Certain versions of Splunk Enterprise expose the RSA accessKey in plain text within the Authentication.conf file for users with access to the _internal index.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20142 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20142.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-20142"
},
{
"cve": "CVE-2026-20143",
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20143 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20143.json"
}
],
"title": "CVE-2026-20143"
},
{
"cve": "CVE-2026-20144",
"cwe": {
"id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
},
"notes": [
{
"category": "other",
"text": "Insertion of Sensitive Information into Log File",
"title": "CWE-532"
},
{
"category": "description",
"text": "Certain versions of Splunk Enterprise and Splunk Cloud Platform expose sensitive SAML configurations in plain text within the conf.log file for users with access to the _internal index.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20144 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20144.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1"
]
}
],
"title": "CVE-2026-20144"
}
]
}
WID-SEC-W-2026-0457
Vulnerability from csaf_certbund - Published: 2026-02-18 23:00 - Updated: 2026-02-18 23:00Summary
Splunk Splunk Enterprise: Mehrere Schwachstellen
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Splunk Enterprise ermöglicht Monitoring und Analyse von Clickstream-Daten und Kundentransaktionen.
Angriff: Ein Angreifer kann mehrere Schwachstellen in Splunk Splunk Enterprise ausnutzen, um Root-Rechte zu erlangen, beliebigen Code mit Systemrechten auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand zu verursachen. Informationen.
Betroffene Betriebssysteme: - Sonstiges
- UNIX
- Windows
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.2.9
Splunk / Splunk Enterprise
|
<9.2.9 | ||
|
Splunk Splunk Enterprise <9.3.7
Splunk / Splunk Enterprise
|
<9.3.7 | ||
|
Splunk Splunk Enterprise <9.4.5
Splunk / Splunk Enterprise
|
<9.4.5 | ||
|
Splunk Splunk Enterprise <10.0.3
Splunk / Splunk Enterprise
|
<10.0.3 | ||
|
Splunk Splunk Enterprise <10.2.0
Splunk / Splunk Enterprise
|
<10.2.0 | ||
|
Splunk Splunk Enterprise <10.0.2
Splunk / Splunk Enterprise
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <9.3.9
Splunk / Splunk Enterprise
|
<9.3.9 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.2.9
Splunk / Splunk Enterprise
|
<9.2.9 | ||
|
Splunk Splunk Enterprise <9.3.7
Splunk / Splunk Enterprise
|
<9.3.7 | ||
|
Splunk Splunk Enterprise <9.4.5
Splunk / Splunk Enterprise
|
<9.4.5 | ||
|
Splunk Splunk Enterprise <10.2.0
Splunk / Splunk Enterprise
|
<10.2.0 | ||
|
Splunk Splunk Enterprise <9.4.7
Splunk / Splunk Enterprise
|
<9.4.7 | ||
|
Splunk Splunk Enterprise <10.0.2
Splunk / Splunk Enterprise
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <9.2.11
Splunk / Splunk Enterprise
|
<9.2.11 | ||
|
Splunk Splunk Enterprise <9.3.9
Splunk / Splunk Enterprise
|
<9.3.9 |
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.2.9
Splunk / Splunk Enterprise
|
<9.2.9 | ||
|
Splunk Splunk Enterprise <9.3.7
Splunk / Splunk Enterprise
|
<9.3.7 | ||
|
Splunk Splunk Enterprise <9.4.5
Splunk / Splunk Enterprise
|
<9.4.5 | ||
|
Splunk Splunk Enterprise <9.2.12
Splunk / Splunk Enterprise
|
<9.2.12 | ||
|
Splunk Splunk Enterprise <9.4.8
Splunk / Splunk Enterprise
|
<9.4.8 | ||
|
Splunk Splunk Enterprise <9.3.8
Splunk / Splunk Enterprise
|
<9.3.8 | ||
|
Splunk Splunk Enterprise <10.2.0
Splunk / Splunk Enterprise
|
<10.2.0 | ||
|
Splunk Splunk Enterprise <9.4.7
Splunk / Splunk Enterprise
|
<9.4.7 | ||
|
Splunk Splunk Enterprise <10.0.2
Splunk / Splunk Enterprise
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <9.2.11
Splunk / Splunk Enterprise
|
<9.2.11 | ||
|
Splunk Splunk Enterprise <9.3.9
Splunk / Splunk Enterprise
|
<9.3.9 |
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.2.9
Splunk / Splunk Enterprise
|
<9.2.9 | ||
|
Splunk Splunk Enterprise <9.3.7
Splunk / Splunk Enterprise
|
<9.3.7 | ||
|
Splunk Splunk Enterprise <9.4.5
Splunk / Splunk Enterprise
|
<9.4.5 | ||
|
Splunk Splunk Enterprise <9.2.12
Splunk / Splunk Enterprise
|
<9.2.12 | ||
|
Splunk Splunk Enterprise <9.4.8
Splunk / Splunk Enterprise
|
<9.4.8 | ||
|
Splunk Splunk Enterprise <9.3.8
Splunk / Splunk Enterprise
|
<9.3.8 | ||
|
Splunk Splunk Enterprise <10.0.3
Splunk / Splunk Enterprise
|
<10.0.3 | ||
|
Splunk Splunk Enterprise <10.2.0
Splunk / Splunk Enterprise
|
<10.2.0 | ||
|
Splunk Splunk Enterprise <9.4.7
Splunk / Splunk Enterprise
|
<9.4.7 | ||
|
Splunk Splunk Enterprise <10.0.2
Splunk / Splunk Enterprise
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <9.2.11
Splunk / Splunk Enterprise
|
<9.2.11 | ||
|
Splunk Splunk Enterprise <9.3.9
Splunk / Splunk Enterprise
|
<9.3.9 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.3.7
Splunk / Splunk Enterprise
|
<9.3.7 | ||
|
Splunk Splunk Enterprise <9.4.5
Splunk / Splunk Enterprise
|
<9.4.5 | ||
|
Splunk Splunk Enterprise <9.4.8
Splunk / Splunk Enterprise
|
<9.4.8 | ||
|
Splunk Splunk Enterprise <9.3.8
Splunk / Splunk Enterprise
|
<9.3.8 | ||
|
Splunk Splunk Enterprise <10.0.3
Splunk / Splunk Enterprise
|
<10.0.3 | ||
|
Splunk Splunk Enterprise <9.4.7
Splunk / Splunk Enterprise
|
<9.4.7 | ||
|
Splunk Splunk Enterprise <10.0.2
Splunk / Splunk Enterprise
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <9.3.9
Splunk / Splunk Enterprise
|
<9.3.9 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.2.9
Splunk / Splunk Enterprise
|
<9.2.9 | ||
|
Splunk Splunk Enterprise <9.3.7
Splunk / Splunk Enterprise
|
<9.3.7 | ||
|
Splunk Splunk Enterprise <9.4.5
Splunk / Splunk Enterprise
|
<9.4.5 | ||
|
Splunk Splunk Enterprise <9.3.8
Splunk / Splunk Enterprise
|
<9.3.8 | ||
|
Splunk Splunk Enterprise <10.2.0
Splunk / Splunk Enterprise
|
<10.2.0 | ||
|
Splunk Splunk Enterprise <9.4.7
Splunk / Splunk Enterprise
|
<9.4.7 | ||
|
Splunk Splunk Enterprise <10.0.2
Splunk / Splunk Enterprise
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <9.2.11
Splunk / Splunk Enterprise
|
<9.2.11 | ||
|
Splunk Splunk Enterprise <9.3.9
Splunk / Splunk Enterprise
|
<9.3.9 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.3.7
Splunk / Splunk Enterprise
|
<9.3.7 | ||
|
Splunk Splunk Enterprise <9.4.5
Splunk / Splunk Enterprise
|
<9.4.5 | ||
|
Splunk Splunk Enterprise <9.4.8
Splunk / Splunk Enterprise
|
<9.4.8 | ||
|
Splunk Splunk Enterprise <9.3.8
Splunk / Splunk Enterprise
|
<9.3.8 | ||
|
Splunk Splunk Enterprise <10.0.3
Splunk / Splunk Enterprise
|
<10.0.3 | ||
|
Splunk Splunk Enterprise <10.2.0
Splunk / Splunk Enterprise
|
<10.2.0 | ||
|
Splunk Splunk Enterprise <9.4.7
Splunk / Splunk Enterprise
|
<9.4.7 | ||
|
Splunk Splunk Enterprise <10.0.2
Splunk / Splunk Enterprise
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <9.3.9
Splunk / Splunk Enterprise
|
<9.3.9 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.2.9
Splunk / Splunk Enterprise
|
<9.2.9 | ||
|
Splunk Splunk Enterprise <9.3.7
Splunk / Splunk Enterprise
|
<9.3.7 | ||
|
Splunk Splunk Enterprise <9.4.5
Splunk / Splunk Enterprise
|
<9.4.5 | ||
|
Splunk Splunk Enterprise <9.3.8
Splunk / Splunk Enterprise
|
<9.3.8 | ||
|
Splunk Splunk Enterprise <10.2.0
Splunk / Splunk Enterprise
|
<10.2.0 | ||
|
Splunk Splunk Enterprise <9.4.7
Splunk / Splunk Enterprise
|
<9.4.7 | ||
|
Splunk Splunk Enterprise <10.0.2
Splunk / Splunk Enterprise
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <9.2.11
Splunk / Splunk Enterprise
|
<9.2.11 |
References
10 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Splunk Enterprise erm\u00f6glicht Monitoring und Analyse von Clickstream-Daten und Kundentransaktionen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Splunk Splunk Enterprise ausnutzen, um Root-Rechte zu erlangen, beliebigen Code mit Systemrechten auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand zu verursachen. Informationen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-0457 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0457.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-0457 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0457"
},
{
"category": "external",
"summary": "Splunk Security Advisories vom 2026-02-18",
"url": "https://advisory.splunk.com//advisories/SVD-2026-0202"
},
{
"category": "external",
"summary": "Splunk Security Advisories vom 2026-02-18",
"url": "https://advisory.splunk.com//advisories/SVD-2026-0203"
},
{
"category": "external",
"summary": "Splunk Security Advisories vom 2026-02-18",
"url": "https://advisory.splunk.com//advisories/SVD-2026-0204"
},
{
"category": "external",
"summary": "Splunk Security Advisories vom 2026-02-18",
"url": "https://advisory.splunk.com//advisories/SVD-2026-0205"
},
{
"category": "external",
"summary": "Splunk Security Advisories vom 2026-02-18",
"url": "https://advisory.splunk.com//advisories/SVD-2026-0206"
},
{
"category": "external",
"summary": "Splunk Security Advisories vom 2026-02-18",
"url": "https://advisory.splunk.com//advisories/SVD-2026-0207"
},
{
"category": "external",
"summary": "Splunk Security Advisories vom 2026-02-18",
"url": "https://advisory.splunk.com//advisories/SVD-2026-0208"
},
{
"category": "external",
"summary": "Splunk Security Advisories vom 2026-02-18",
"url": "https://advisory.splunk.com//advisories/SVD-2026-0209"
}
],
"source_lang": "en-US",
"title": "Splunk Splunk Enterprise: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-02-18T23:00:00.000+00:00",
"generator": {
"date": "2026-02-19T11:43:27.897+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2026-0457",
"initial_release_date": "2026-02-18T23:00:00.000+00:00",
"revision_history": [
{
"date": "2026-02-18T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.2.0",
"product": {
"name": "Splunk Splunk Enterprise \u003c10.2.0",
"product_id": "T051006"
}
},
{
"category": "product_version",
"name": "10.2.0",
"product": {
"name": "Splunk Splunk Enterprise 10.2.0",
"product_id": "T051006-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:10.2.0"
}
}
},
{
"category": "product_version_range",
"name": "\u003c10.0.3",
"product": {
"name": "Splunk Splunk Enterprise \u003c10.0.3",
"product_id": "T051007"
}
},
{
"category": "product_version",
"name": "10.0.3",
"product": {
"name": "Splunk Splunk Enterprise 10.0.3",
"product_id": "T051007-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:10.0.3"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.4.5",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.4.5",
"product_id": "T051008"
}
},
{
"category": "product_version",
"name": "9.4.5",
"product": {
"name": "Splunk Splunk Enterprise 9.4.5",
"product_id": "T051008-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:9.4.5"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.3.7",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.3.7",
"product_id": "T051009"
}
},
{
"category": "product_version",
"name": "9.3.7",
"product": {
"name": "Splunk Splunk Enterprise 9.3.7",
"product_id": "T051009-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:9.3.7"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.2.9",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.2.9",
"product_id": "T051010"
}
},
{
"category": "product_version",
"name": "9.2.9",
"product": {
"name": "Splunk Splunk Enterprise 9.2.9",
"product_id": "T051010-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:9.2.9"
}
}
},
{
"category": "product_version_range",
"name": "\u003c10.0.2",
"product": {
"name": "Splunk Splunk Enterprise \u003c10.0.2",
"product_id": "T051011"
}
},
{
"category": "product_version",
"name": "10.0.2",
"product": {
"name": "Splunk Splunk Enterprise 10.0.2",
"product_id": "T051011-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:10.0.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.4.7",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.4.7",
"product_id": "T051012"
}
},
{
"category": "product_version",
"name": "9.4.7",
"product": {
"name": "Splunk Splunk Enterprise 9.4.7",
"product_id": "T051012-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:9.4.7"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.3.9",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.3.9",
"product_id": "T051013"
}
},
{
"category": "product_version",
"name": "9.3.9",
"product": {
"name": "Splunk Splunk Enterprise 9.3.9",
"product_id": "T051013-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:9.3.9"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.2.11",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.2.11",
"product_id": "T051014"
}
},
{
"category": "product_version",
"name": "9.2.11",
"product": {
"name": "Splunk Splunk Enterprise 9.2.11",
"product_id": "T051014-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:9.2.11"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.4.8",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.4.8",
"product_id": "T051015"
}
},
{
"category": "product_version",
"name": "9.4.8",
"product": {
"name": "Splunk Splunk Enterprise 9.4.8",
"product_id": "T051015-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:9.4.8"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.2.12",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.2.12",
"product_id": "T051016"
}
},
{
"category": "product_version",
"name": "9.2.12",
"product": {
"name": "Splunk Splunk Enterprise 9.2.12",
"product_id": "T051016-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:9.2.12"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.3.8",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.3.8",
"product_id": "T051018"
}
},
{
"category": "product_version",
"name": "9.3.8",
"product": {
"name": "Splunk Splunk Enterprise 9.3.8",
"product_id": "T051018-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:9.3.8"
}
}
}
],
"category": "product_name",
"name": "Splunk Enterprise"
}
],
"category": "vendor",
"name": "Splunk"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-20137",
"product_status": {
"known_affected": [
"T051010",
"T051009",
"T051008",
"T051007",
"T051006",
"T051011",
"T051013"
]
},
"release_date": "2026-02-18T23:00:00.000+00:00",
"title": "CVE-2026-20137"
},
{
"cve": "CVE-2026-20138",
"product_status": {
"known_affected": [
"T051010",
"T051009",
"T051008",
"T051006",
"T051012",
"T051011",
"T051014",
"T051013"
]
},
"release_date": "2026-02-18T23:00:00.000+00:00",
"title": "CVE-2026-20138"
},
{
"cve": "CVE-2026-20139",
"product_status": {
"known_affected": [
"T051010",
"T051009",
"T051008",
"T051016",
"T051015",
"T051018",
"T051006",
"T051012",
"T051011",
"T051014",
"T051013"
]
},
"release_date": "2026-02-18T23:00:00.000+00:00",
"title": "CVE-2026-20139"
},
{
"cve": "CVE-2026-20140",
"product_status": {
"known_affected": [
"T051010",
"T051009",
"T051008",
"T051016",
"T051015",
"T051018",
"T051007",
"T051006",
"T051012",
"T051011",
"T051014",
"T051013"
]
},
"release_date": "2026-02-18T23:00:00.000+00:00",
"title": "CVE-2026-20140"
},
{
"cve": "CVE-2026-20141",
"product_status": {
"known_affected": [
"T051009",
"T051008",
"T051015",
"T051018",
"T051007",
"T051012",
"T051011",
"T051013"
]
},
"release_date": "2026-02-18T23:00:00.000+00:00",
"title": "CVE-2026-20141"
},
{
"cve": "CVE-2026-20142",
"product_status": {
"known_affected": [
"T051010",
"T051009",
"T051008",
"T051018",
"T051006",
"T051012",
"T051011",
"T051014",
"T051013"
]
},
"release_date": "2026-02-18T23:00:00.000+00:00",
"title": "CVE-2026-20142"
},
{
"cve": "CVE-2026-20143",
"product_status": {
"known_affected": [
"T051009",
"T051008",
"T051015",
"T051018",
"T051007",
"T051006",
"T051012",
"T051011",
"T051013"
]
},
"release_date": "2026-02-18T23:00:00.000+00:00",
"title": "CVE-2026-20143"
},
{
"cve": "CVE-2026-20144",
"product_status": {
"known_affected": [
"T051010",
"T051009",
"T051008",
"T051018",
"T051006",
"T051012",
"T051011",
"T051014"
]
},
"release_date": "2026-02-18T23:00:00.000+00:00",
"title": "CVE-2026-20144"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…