Vulnerability-Lookup

WID-SEC-W-2026-1618

Vulnerability from csaf_certbund - Published: 2026-05-20 22:00 - Updated: 2026-06-16 22:00

Summary

Splunk Splunk Enterprise: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Splunk Enterprise ermöglicht Monitoring und Analyse von Clickstream-Daten und Kundentransaktionen.

Angriff: Ein Angreifer kann mehrere Schwachstellen in Splunk Splunk Enterprise ausnutzen, um Sicherheitsvorkehrungen zu umgehen, Daten zu manipulieren, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand zu verursachen.

Betroffene Betriebssysteme: - Sonstiges - UNIX - Windows

CVE-2025-22872

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <10.0.5 Splunk / Splunk Enterprise		<10.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Splunk Splunk Enterprise <10.2.2 Splunk / Splunk Enterprise		<10.2.2
Splunk Splunk Enterprise <10.0.6 Splunk / Splunk Enterprise		<10.0.6
Splunk Splunk Enterprise <10.2.3 Splunk / Splunk Enterprise		<10.2.3
Splunk Splunk Enterprise <9.3.12 Splunk / Splunk Enterprise		<9.3.12
Splunk Splunk Enterprise <9.4.11 Splunk / Splunk Enterprise		<9.4.11

CVE-2025-47911

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <10.0.5 Splunk / Splunk Enterprise		<10.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Splunk Splunk Enterprise <10.2.2 Splunk / Splunk Enterprise		<10.2.2
Splunk Splunk Enterprise <10.0.6 Splunk / Splunk Enterprise		<10.0.6
Splunk Splunk Enterprise <10.2.3 Splunk / Splunk Enterprise		<10.2.3
Splunk Splunk Enterprise <9.3.12 Splunk / Splunk Enterprise		<9.3.12
Splunk Splunk Enterprise <9.4.11 Splunk / Splunk Enterprise		<9.4.11

CVE-2025-58190

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <10.0.5 Splunk / Splunk Enterprise		<10.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Splunk Splunk Enterprise <10.2.2 Splunk / Splunk Enterprise		<10.2.2
Splunk Splunk Enterprise <10.0.6 Splunk / Splunk Enterprise		<10.0.6
Splunk Splunk Enterprise <10.2.3 Splunk / Splunk Enterprise		<10.2.3
Splunk Splunk Enterprise <9.3.12 Splunk / Splunk Enterprise		<9.3.12
Splunk Splunk Enterprise <9.4.11 Splunk / Splunk Enterprise		<9.4.11

CVE-2025-61726

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <10.0.5 Splunk / Splunk Enterprise		<10.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Splunk Splunk Enterprise <10.2.2 Splunk / Splunk Enterprise		<10.2.2
Splunk Splunk Enterprise <10.0.6 Splunk / Splunk Enterprise		<10.0.6
Splunk Splunk Enterprise <10.2.3 Splunk / Splunk Enterprise		<10.2.3
Splunk Splunk Enterprise <9.3.12 Splunk / Splunk Enterprise		<9.3.12
Splunk Splunk Enterprise <9.4.11 Splunk / Splunk Enterprise		<9.4.11

CVE-2025-61731

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <10.0.5 Splunk / Splunk Enterprise		<10.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Splunk Splunk Enterprise <10.2.2 Splunk / Splunk Enterprise		<10.2.2
Splunk Splunk Enterprise <10.0.6 Splunk / Splunk Enterprise		<10.0.6
Splunk Splunk Enterprise <10.2.3 Splunk / Splunk Enterprise		<10.2.3
Splunk Splunk Enterprise <9.3.12 Splunk / Splunk Enterprise		<9.3.12
Splunk Splunk Enterprise <9.4.11 Splunk / Splunk Enterprise		<9.4.11

CVE-2025-61732

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <10.0.5 Splunk / Splunk Enterprise		<10.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Splunk Splunk Enterprise <10.2.2 Splunk / Splunk Enterprise		<10.2.2
Splunk Splunk Enterprise <10.0.6 Splunk / Splunk Enterprise		<10.0.6
Splunk Splunk Enterprise <10.2.3 Splunk / Splunk Enterprise		<10.2.3
Splunk Splunk Enterprise <9.3.12 Splunk / Splunk Enterprise		<9.3.12
Splunk Splunk Enterprise <9.4.11 Splunk / Splunk Enterprise		<9.4.11

CVE-2025-68121

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <10.0.5 Splunk / Splunk Enterprise		<10.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Splunk Splunk Enterprise <10.2.2 Splunk / Splunk Enterprise		<10.2.2
Splunk Splunk Enterprise <10.0.6 Splunk / Splunk Enterprise		<10.0.6
Splunk Splunk Enterprise <10.2.3 Splunk / Splunk Enterprise		<10.2.3
Splunk Splunk Enterprise <9.3.12 Splunk / Splunk Enterprise		<9.3.12
Splunk Splunk Enterprise <9.4.11 Splunk / Splunk Enterprise		<9.4.11

CVE-2025-68156

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <10.0.5 Splunk / Splunk Enterprise		<10.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Splunk Splunk Enterprise <10.2.2 Splunk / Splunk Enterprise		<10.2.2
Splunk Splunk Enterprise <10.0.6 Splunk / Splunk Enterprise		<10.0.6
Splunk Splunk Enterprise <10.2.3 Splunk / Splunk Enterprise		<10.2.3
Splunk Splunk Enterprise <9.3.12 Splunk / Splunk Enterprise		<9.3.12
Splunk Splunk Enterprise <9.4.11 Splunk / Splunk Enterprise		<9.4.11

CVE-2026-27141

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <10.0.5 Splunk / Splunk Enterprise		<10.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Splunk Splunk Enterprise <10.2.2 Splunk / Splunk Enterprise		<10.2.2
Splunk Splunk Enterprise <10.0.6 Splunk / Splunk Enterprise		<10.0.6
Splunk Splunk Enterprise <10.2.3 Splunk / Splunk Enterprise		<10.2.3
Splunk Splunk Enterprise <9.3.12 Splunk / Splunk Enterprise		<9.3.12
Splunk Splunk Enterprise <9.4.11 Splunk / Splunk Enterprise		<9.4.11

CVE-2026-20240

Affected products

Known affected 7 products

Product	Identifier	Version
Splunk Splunk Enterprise <10.0.5 Splunk / Splunk Enterprise		<10.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Splunk Splunk Enterprise <10.2.2 Splunk / Splunk Enterprise		<10.2.2
Splunk Splunk Enterprise <9.3.12 Splunk / Splunk Enterprise		<9.3.12
Splunk Splunk Enterprise <9.4.11 Splunk / Splunk Enterprise		<9.4.11

CVE-2026-20239

Affected products

Known affected 5 products

Product	Identifier	Version
Splunk Splunk Enterprise <10.0.5 Splunk / Splunk Enterprise		<10.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Splunk Splunk Enterprise <10.2.2 Splunk / Splunk Enterprise		<10.2.2

References

10 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://advisory.splunk.com//advisories/SVD-2026-0503	external
https://advisory.splunk.com//advisories/SVD-2026-0504	external
https://advisory.splunk.com//advisories/SVD-2026-0505	external
https://ubuntu.com/security/notices/USN-8430-1	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://access.redhat.com/errata/RHSA-2026:26519	external
https://access.redhat.com/errata/RHSA-2026:26538	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Splunk Enterprise erm\u00f6glicht Monitoring und Analyse von Clickstream-Daten und Kundentransaktionen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Splunk Splunk Enterprise ausnutzen, um Sicherheitsvorkehrungen zu umgehen, Daten zu manipulieren, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand zu verursachen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-1618 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1618.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-1618 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1618"
      },
      {
        "category": "external",
        "summary": "Splunk Security Advisory SVD-2026-0503 vom 2026-05-20",
        "url": "https://advisory.splunk.com//advisories/SVD-2026-0503"
      },
      {
        "category": "external",
        "summary": "Splunk Security Advisory SVD-2026-0504 vom 2026-05-20",
        "url": "https://advisory.splunk.com//advisories/SVD-2026-0504"
      },
      {
        "category": "external",
        "summary": "Splunk Security Advisory SVD-2026-0505 vom 2026-05-20",
        "url": "https://advisory.splunk.com//advisories/SVD-2026-0505"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-8430-1 vom 2026-06-16",
        "url": "https://ubuntu.com/security/notices/USN-8430-1"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:2401-1 vom 2026-06-15",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026757.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:2400-1 vom 2026-06-15",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026758.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:26519 vom 2026-06-17",
        "url": "https://access.redhat.com/errata/RHSA-2026:26519"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:26538 vom 2026-06-17",
        "url": "https://access.redhat.com/errata/RHSA-2026:26538"
      }
    ],
    "source_lang": "en-US",
    "title": "Splunk Splunk Enterprise: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-06-16T22:00:00.000+00:00",
      "generator": {
        "date": "2026-06-17T10:29:55.519+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.6.0"
        }
      },
      "id": "WID-SEC-W-2026-1618",
      "initial_release_date": "2026-05-20T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-05-20T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2026-06-15T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Ubuntu und SUSE aufgenommen"
        },
        {
          "date": "2026-06-16T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Red Hat aufgenommen"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c10.2.2",
                "product": {
                  "name": "Splunk Splunk Enterprise \u003c10.2.2",
                  "product_id": "T054419"
                }
              },
              {
                "category": "product_version",
                "name": "10.2.2",
                "product": {
                  "name": "Splunk Splunk Enterprise 10.2.2",
                  "product_id": "T054419-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:splunk:splunk:10.2.2"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c10.0.5",
                "product": {
                  "name": "Splunk Splunk Enterprise \u003c10.0.5",
                  "product_id": "T054420"
                }
              },
              {
                "category": "product_version",
                "name": "10.0.5",
                "product": {
                  "name": "Splunk Splunk Enterprise 10.0.5",
                  "product_id": "T054420-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:splunk:splunk:10.0.5"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.4.11",
                "product": {
                  "name": "Splunk Splunk Enterprise \u003c9.4.11",
                  "product_id": "T054421"
                }
              },
              {
                "category": "product_version",
                "name": "9.4.11",
                "product": {
                  "name": "Splunk Splunk Enterprise 9.4.11",
                  "product_id": "T054421-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:splunk:splunk:9.4.11"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.3.12",
                "product": {
                  "name": "Splunk Splunk Enterprise \u003c9.3.12",
                  "product_id": "T054422"
                }
              },
              {
                "category": "product_version",
                "name": "9.3.12",
                "product": {
                  "name": "Splunk Splunk Enterprise 9.3.12",
                  "product_id": "T054422-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:splunk:splunk:9.3.12"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c10.2.3",
                "product": {
                  "name": "Splunk Splunk Enterprise \u003c10.2.3",
                  "product_id": "T054423"
                }
              },
              {
                "category": "product_version",
                "name": "10.2.3",
                "product": {
                  "name": "Splunk Splunk Enterprise 10.2.3",
                  "product_id": "T054423-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:splunk:splunk:10.2.3"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c10.0.6",
                "product": {
                  "name": "Splunk Splunk Enterprise \u003c10.0.6",
                  "product_id": "T054424"
                }
              },
              {
                "category": "product_version",
                "name": "10.0.6",
                "product": {
                  "name": "Splunk Splunk Enterprise 10.0.6",
                  "product_id": "T054424-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:splunk:splunk:10.0.6"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Splunk Enterprise"
          }
        ],
        "category": "vendor",
        "name": "Splunk"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-22872",
      "product_status": {
        "known_affected": [
          "T054420",
          "T002207",
          "67646",
          "T000126",
          "T054419",
          "T054424",
          "T054423",
          "T054422",
          "T054421"
        ]
      },
      "release_date": "2026-05-20T22:00:00.000+00:00",
      "title": "CVE-2025-22872"
    },
    {
      "cve": "CVE-2025-47911",
      "product_status": {
        "known_affected": [
          "T054420",
          "T002207",
          "67646",
          "T000126",
          "T054419",
          "T054424",
          "T054423",
          "T054422",
          "T054421"
        ]
      },
      "release_date": "2026-05-20T22:00:00.000+00:00",
      "title": "CVE-2025-47911"
    },
    {
      "cve": "CVE-2025-58190",
      "product_status": {
        "known_affected": [
          "T054420",
          "T002207",
          "67646",
          "T000126",
          "T054419",
          "T054424",
          "T054423",
          "T054422",
          "T054421"
        ]
      },
      "release_date": "2026-05-20T22:00:00.000+00:00",
      "title": "CVE-2025-58190"
    },
    {
      "cve": "CVE-2025-61726",
      "product_status": {
        "known_affected": [
          "T054420",
          "T002207",
          "67646",
          "T000126",
          "T054419",
          "T054424",
          "T054423",
          "T054422",
          "T054421"
        ]
      },
      "release_date": "2026-05-20T22:00:00.000+00:00",
      "title": "CVE-2025-61726"
    },
    {
      "cve": "CVE-2025-61731",
      "product_status": {
        "known_affected": [
          "T054420",
          "T002207",
          "67646",
          "T000126",
          "T054419",
          "T054424",
          "T054423",
          "T054422",
          "T054421"
        ]
      },
      "release_date": "2026-05-20T22:00:00.000+00:00",
      "title": "CVE-2025-61731"
    },
    {
      "cve": "CVE-2025-61732",
      "product_status": {
        "known_affected": [
          "T054420",
          "T002207",
          "67646",
          "T000126",
          "T054419",
          "T054424",
          "T054423",
          "T054422",
          "T054421"
        ]
      },
      "release_date": "2026-05-20T22:00:00.000+00:00",
      "title": "CVE-2025-61732"
    },
    {
      "cve": "CVE-2025-68121",
      "product_status": {
        "known_affected": [
          "T054420",
          "T002207",
          "67646",
          "T000126",
          "T054419",
          "T054424",
          "T054423",
          "T054422",
          "T054421"
        ]
      },
      "release_date": "2026-05-20T22:00:00.000+00:00",
      "title": "CVE-2025-68121"
    },
    {
      "cve": "CVE-2025-68156",
      "product_status": {
        "known_affected": [
          "T054420",
          "T002207",
          "67646",
          "T000126",
          "T054419",
          "T054424",
          "T054423",
          "T054422",
          "T054421"
        ]
      },
      "release_date": "2026-05-20T22:00:00.000+00:00",
      "title": "CVE-2025-68156"
    },
    {
      "cve": "CVE-2026-27141",
      "product_status": {
        "known_affected": [
          "T054420",
          "T002207",
          "67646",
          "T000126",
          "T054419",
          "T054424",
          "T054423",
          "T054422",
          "T054421"
        ]
      },
      "release_date": "2026-05-20T22:00:00.000+00:00",
      "title": "CVE-2026-27141"
    },
    {
      "cve": "CVE-2026-20240",
      "product_status": {
        "known_affected": [
          "T054420",
          "T002207",
          "67646",
          "T000126",
          "T054419",
          "T054422",
          "T054421"
        ]
      },
      "release_date": "2026-05-20T22:00:00.000+00:00",
      "title": "CVE-2026-20240"
    },
    {
      "cve": "CVE-2026-20239",
      "product_status": {
        "known_affected": [
          "T054420",
          "T002207",
          "67646",
          "T000126",
          "T054419"
        ]
      },
      "release_date": "2026-05-20T22:00:00.000+00:00",
      "title": "CVE-2026-20239"
    }
  ]
}

CVE-2025-22872 (GCVE-0-2025-22872)

Vulnerability from cvelistv5 – Published: 2025-04-16 17:13 – Updated: 2025-05-16 23:03

Title

Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net

Summary

The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. <math>, <svg>, etc contexts).

Severity

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-79

Assigner

References

5 references

URL	Tags
https://go.dev/cl/662715
https://go.dev/issue/73070
https://groups.google.com/g/golang-announce/c/ezS…
https://pkg.go.dev/vuln/GO-2025-3595
https://security.netapp.com/advisory/ntap-2025051…

Impacted products

1 product

Vendor	Product	Version
golang.org/x/net	golang.org/x/net/html	Affected: 0 , < 0.38.0 (semver)

Credits

Sean Ng (https://ensy.zip)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-22872",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-16T20:14:29.607584Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-16T20:15:13.433Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-05-16T23:03:07.693Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20250516-0007/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "golang.org/x/net/html",
          "product": "golang.org/x/net/html",
          "programRoutines": [
            {
              "name": "Tokenizer.readStartTag"
            },
            {
              "name": "Parse"
            },
            {
              "name": "ParseFragment"
            },
            {
              "name": "ParseFragmentWithOptions"
            },
            {
              "name": "ParseWithOptions"
            },
            {
              "name": "Tokenizer.Next"
            }
          ],
          "vendor": "golang.org/x/net",
          "versions": [
            {
              "lessThan": "0.38.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Sean Ng (https://ensy.zip)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. \u003cmath\u003e, \u003csvg\u003e, etc contexts)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-79",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-16T17:13:02.550Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/662715"
        },
        {
          "url": "https://go.dev/issue/73070"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2025-3595"
        }
      ],
      "title": "Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2025-22872",
    "datePublished": "2025-04-16T17:13:02.550Z",
    "dateReserved": "2025-01-08T19:11:42.834Z",
    "dateUpdated": "2025-05-16T23:03:07.693Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-47911 (GCVE-0-2025-47911)

Vulnerability from cvelistv5 – Published: 2026-02-05 17:48 – Updated: 2026-02-12 15:23

Title

Quadratic parsing complexity in golang.org/x/net/html

Summary

The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.

Severity

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-400 - Uncontrolled Resource Consumption

Assigner

References

4 references

URL	Tags
https://go.dev/cl/709876
https://github.com/golang/vulndb/issues/4440
https://groups.google.com/g/golang-announce/c/jnQ…
https://pkg.go.dev/vuln/GO-2026-4440

Impacted products

1 product

Vendor	Product	Version
golang.org/x/net	golang.org/x/net/html	Affected: 0 , < 0.45.0 (semver)

Credits

Guido Vranken Jakub Ciolek

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 5.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-47911",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-12T15:23:40.307728Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-12T15:23:55.509Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "golang.org/x/net/html",
          "product": "golang.org/x/net/html",
          "programRoutines": [
            {
              "name": "parser.parse"
            },
            {
              "name": "Parse"
            },
            {
              "name": "ParseFragment"
            },
            {
              "name": "ParseFragmentWithOptions"
            },
            {
              "name": "ParseWithOptions"
            }
          ],
          "vendor": "golang.org/x/net",
          "versions": [
            {
              "lessThan": "0.45.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Guido Vranken"
        },
        {
          "lang": "en",
          "value": "Jakub Ciolek"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-05T17:48:44.562Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/709876"
        },
        {
          "url": "https://github.com/golang/vulndb/issues/4440"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/jnQcOYpiR2c"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2026-4440"
        }
      ],
      "title": "Quadratic parsing complexity in golang.org/x/net/html"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2025-47911",
    "datePublished": "2026-02-05T17:48:44.562Z",
    "dateReserved": "2025-05-13T23:31:29.597Z",
    "dateUpdated": "2026-02-12T15:23:55.509Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-58190 (GCVE-0-2025-58190)

Vulnerability from cvelistv5 – Published: 2026-02-05 17:48 – Updated: 2026-02-12 15:22

Title

Infinite parsing loop in golang.org/x/net

Summary

The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.

Severity

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-835 - Loop with Unreachable Exit Condition

Assigner

References

4 references

URL	Tags
https://groups.google.com/g/golang-announce/c/jnQ…
https://github.com/golang/vulndb/issues/4441
https://go.dev/cl/709875
https://pkg.go.dev/vuln/GO-2026-4441

Impacted products

1 product

Vendor	Product	Version
golang.org/x/net	golang.org/x/net/html	Affected: 0 , < 0.45.0 (semver)

Credits

Guido Vranken

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 5.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-58190",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-12T15:22:10.801204Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-12T15:22:37.685Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "golang.org/x/net/html",
          "product": "golang.org/x/net/html",
          "programRoutines": [
            {
              "name": "inRowIM"
            },
            {
              "name": "Parse"
            },
            {
              "name": "ParseFragment"
            },
            {
              "name": "ParseFragmentWithOptions"
            },
            {
              "name": "ParseWithOptions"
            }
          ],
          "vendor": "golang.org/x/net",
          "versions": [
            {
              "lessThan": "0.45.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Guido Vranken"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-835: Loop with Unreachable Exit Condition",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-05T17:48:44.693Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://groups.google.com/g/golang-announce/c/jnQcOYpiR2c"
        },
        {
          "url": "https://github.com/golang/vulndb/issues/4441"
        },
        {
          "url": "https://go.dev/cl/709875"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2026-4441"
        }
      ],
      "title": "Infinite parsing loop in golang.org/x/net"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2025-58190",
    "datePublished": "2026-02-05T17:48:44.693Z",
    "dateReserved": "2025-08-27T14:50:58.692Z",
    "dateUpdated": "2026-02-12T15:22:37.685Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-61726 (GCVE-0-2025-61726)

Vulnerability from cvelistv5 – Published: 2026-01-28 19:30 – Updated: 2026-01-29 18:31

Title

Memory exhaustion in query parameter parsing in net/url

Summary

The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-400 - Uncontrolled Resource Consumption

Assigner

References

4 references

URL	Tags
https://go.dev/cl/736712
https://go.dev/issue/77101
https://groups.google.com/g/golang-announce/c/Vd2…
https://pkg.go.dev/vuln/GO-2026-4341

Impacted products

1 product

Vendor	Product	Version
Go standard library	net/url	Affected: 0 , < 1.24.12 (semver) Affected: 1.25.0 , < 1.25.6 (semver)

Credits

jub0bs

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-61726",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-29T18:31:39.150633Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-29T18:31:59.685Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "net/url",
          "product": "net/url",
          "programRoutines": [
            {
              "name": "parseQuery"
            },
            {
              "name": "ParseQuery"
            },
            {
              "name": "URL.Query"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.24.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.25.6",
              "status": "affected",
              "version": "1.25.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "jub0bs"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-28T19:30:31.215Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/736712"
        },
        {
          "url": "https://go.dev/issue/77101"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2026-4341"
        }
      ],
      "title": "Memory exhaustion in query parameter parsing in net/url"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2025-61726",
    "datePublished": "2026-01-28T19:30:31.215Z",
    "dateReserved": "2025-09-30T15:05:03.605Z",
    "dateUpdated": "2026-01-29T18:31:59.685Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-61731 (GCVE-0-2025-61731)

Vulnerability from cvelistv5 – Published: 2026-01-28 19:30 – Updated: 2026-02-26 15:04

Title

Arbitrary file write using cgo pkg-config directive in cmd/go

Summary

Building a malicious file with cmd/go can cause can cause a write to an attacker-controlled file with partial control of the file content. The "#cgo pkg-config:" directive in a Go source file provides command-line arguments to provide to the Go pkg-config command. An attacker can provide a "--log-file" argument to this directive, causing pkg-config to write to an attacker-controlled location.

Severity

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Assigner

References

4 references

URL	Tags
https://go.dev/cl/736711
https://go.dev/issue/77100
https://groups.google.com/g/golang-announce/c/Vd2…
https://pkg.go.dev/vuln/GO-2026-4339

Impacted products

1 product

Vendor	Product	Version
Go toolchain	cmd/go	Affected: 0 , < 1.24.12 (semver) Affected: 1.25.0 , < 1.25.6 (semver)

Credits

RyotaK (https://ryotak.net) of GMO Flatt Security Inc.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-61731",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-29T04:55:56.484332Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T15:04:45.375Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "cmd/go",
          "product": "cmd/go",
          "vendor": "Go toolchain",
          "versions": [
            {
              "lessThan": "1.24.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.25.6",
              "status": "affected",
              "version": "1.25.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "RyotaK (https://ryotak.net) of GMO Flatt Security Inc."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Building a malicious file with cmd/go can cause can cause a write to an attacker-controlled file with partial control of the file content. The \"#cgo pkg-config:\" directive in a Go source file provides command-line arguments to provide to the Go pkg-config command. An attacker can provide a \"--log-file\" argument to this directive, causing pkg-config to write to an attacker-controlled location."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-28T19:30:30.844Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/736711"
        },
        {
          "url": "https://go.dev/issue/77100"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2026-4339"
        }
      ],
      "title": "Arbitrary file write using cgo pkg-config directive in cmd/go"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2025-61731",
    "datePublished": "2026-01-28T19:30:30.844Z",
    "dateReserved": "2025-09-30T15:05:03.605Z",
    "dateUpdated": "2026-02-26T15:04:45.375Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-61732 (GCVE-0-2025-61732)

Vulnerability from cvelistv5 – Published: 2026-02-05 03:42 – Updated: 2026-02-05 14:57

Title

Potential code smuggling via doc comments in cmd/cgo

Summary

A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary.

Severity

8.6 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-94 - Improper Control of Generation of Code ('Code Injection')

Assigner

References

4 references

URL	Tags
https://go.dev/cl/734220
https://go.dev/issue/76697
https://groups.google.com/g/golang-announce/c/K09…
https://pkg.go.dev/vuln/GO-2026-4433

Impacted products

1 product

Vendor	Product	Version
Go toolchain	cmd/cgo	Affected: 0 , < 1.24.13 (semver) Affected: 1.25.0-0 , < 1.25.7 (semver)

Credits

RyotaK (https://ryotak.net) of GMO Flatt Security Inc.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 8.6,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-61732",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-05T14:56:35.952364Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-94",
                "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-05T14:57:44.851Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "cmd/cgo",
          "product": "cmd/cgo",
          "vendor": "Go toolchain",
          "versions": [
            {
              "lessThan": "1.24.13",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.25.7",
              "status": "affected",
              "version": "1.25.0-0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "RyotaK (https://ryotak.net) of GMO Flatt Security Inc."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-05T03:42:26.392Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/734220"
        },
        {
          "url": "https://go.dev/issue/76697"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2026-4433"
        }
      ],
      "title": "Potential code smuggling via doc comments in cmd/cgo"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2025-61732",
    "datePublished": "2026-02-05T03:42:26.392Z",
    "dateReserved": "2025-09-30T15:05:03.606Z",
    "dateUpdated": "2026-02-05T14:57:44.851Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-68121 (GCVE-0-2025-68121)

Vulnerability from cvelistv5 – Published: 2026-02-05 17:48 – Updated: 2026-04-29 13:29

Title

Unexpected session resumption in crypto/tls

Summary

During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.

Severity

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

SSVC

Exploitation: none Automatable: yes Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-295 - Improper Certificate Validation

Assigner

References

4 references

URL	Tags
https://groups.google.com/g/golang-announce/c/K09…
https://go.dev/cl/737700
https://go.dev/issue/77217
https://pkg.go.dev/vuln/GO-2026-4337

Impacted products

1 product

Vendor	Product	Version
Go standard library	crypto/tls	Affected: 0 , < 1.24.13 (semver) Affected: 1.25.0-0 , < 1.25.7 (semver) Affected: 1.26.0-rc.1 , < 1.26.0-rc.3 (semver)

Credits

Coia Prant (github.com/rbqvq) Go Security Team

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 9.1,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-68121",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-29T03:55:46.305385Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-295",
                "description": "CWE-295 Improper Certificate Validation",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-29T13:29:25.582Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "crypto/tls",
          "product": "crypto/tls",
          "programRoutines": [
            {
              "name": "Conn.handshakeContext"
            },
            {
              "name": "Conn.Handshake"
            },
            {
              "name": "Conn.HandshakeContext"
            },
            {
              "name": "Conn.Read"
            },
            {
              "name": "Conn.Write"
            },
            {
              "name": "Dial"
            },
            {
              "name": "DialWithDialer"
            },
            {
              "name": "Dialer.Dial"
            },
            {
              "name": "Dialer.DialContext"
            },
            {
              "name": "QUICConn.Start"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.24.13",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.25.7",
              "status": "affected",
              "version": "1.25.0-0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.26.0-rc.3",
              "status": "affected",
              "version": "1.26.0-rc.1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Coia Prant (github.com/rbqvq)"
        },
        {
          "lang": "en",
          "value": "Go Security Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-295: Improper Certificate Validation",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-05T17:48:44.141Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
        },
        {
          "url": "https://go.dev/cl/737700"
        },
        {
          "url": "https://go.dev/issue/77217"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2026-4337"
        }
      ],
      "title": "Unexpected session resumption in crypto/tls"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2025-68121",
    "datePublished": "2026-02-05T17:48:44.141Z",
    "dateReserved": "2025-12-15T16:48:04.451Z",
    "dateUpdated": "2026-04-29T13:29:25.582Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-68156 (GCVE-0-2025-68156)

Vulnerability from cvelistv5 – Published: 2025-12-16 18:24 – Updated: 2025-12-16 19:59

Title

Expr has Denial of Service via Unbounded Recursion in Builtin Functions

Summary

Expr is an expression language and expression evaluation for Go. Prior to version 1.17.7, several builtin functions in Expr, including `flatten`, `min`, `max`, `mean`, and `median`, perform recursive traversal over user-provided data structures without enforcing a maximum recursion depth. If the evaluation environment contains deeply nested or cyclic data structures, these functions may recurse indefinitely until exceed the Go runtime stack limit. This results in a stack overflow panic, causing the host application to crash. While exploitability depends on whether an attacker can influence or inject cyclic or pathologically deep data into the evaluation environment, this behavior represents a denial-of-service (DoS) risk and affects overall library robustness. Instead of returning a recoverable evaluation error, the process may terminate unexpectedly. In affected versions, evaluation of expressions that invoke certain builtin functions on untrusted or insufficiently validated data structures can lead to a process-level crash due to stack exhaustion. This issue is most relevant in scenarios where Expr is used to evaluate expressions against externally supplied or dynamically constructed environments; cyclic references (directly or indirectly) can be introduced into arrays, maps, or structs; and there are no application-level safeguards preventing deeply nested input data. In typical use cases with controlled, acyclic data, the issue may not manifest. However, when present, the resulting panic can be used to reliably crash the application, constituting a denial of service. The issue has been fixed in the v1.17.7 versions of Expr. The patch introduces a maximum recursion depth limit for affected builtin functions. When this limit is exceeded, evaluation aborts gracefully and returns a descriptive error instead of panicking. Additionally, the maximum depth can be customized by users via `builtin.MaxDepth`, allowing applications with legitimate deep structures to raise the limit in a controlled manner. Users are strongly encouraged to upgrade to the patched release, which includes both the recursion guard and comprehensive test coverage to prevent regressions. For users who cannot immediately upgrade, some mitigations are recommended. Ensure that evaluation environments cannot contain cyclic references, validate or sanitize externally supplied data structures before passing them to Expr, and/or wrap expression evaluation with panic recovery to prevent a full process crash (as a last-resort defensive measure). These workarounds reduce risk but do not fully eliminate the issue without the patch.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-770 - Allocation of Resources Without Limits or Throttling

Assigner

GitHub_M

References

2 references

URL	Tags
https://github.com/expr-lang/expr/security/adviso…	x_refsource_CONFIRM
https://github.com/expr-lang/expr/pull/870	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
expr-lang	expr	Affected: < 1.17.7

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-68156",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-16T19:58:48.969218Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-16T19:59:24.007Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "expr",
          "vendor": "expr-lang",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.17.7"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Expr is an expression language and expression evaluation for Go. Prior to version 1.17.7, several builtin functions in Expr, including `flatten`, `min`, `max`, `mean`, and `median`, perform recursive traversal over user-provided data structures without enforcing a maximum recursion depth. If the evaluation environment contains deeply nested or cyclic data structures, these functions may recurse indefinitely until exceed the Go runtime stack limit. This results in a stack overflow panic, causing the host application to crash. While exploitability depends on whether an attacker can influence or inject cyclic or pathologically deep data into the\nevaluation environment, this behavior represents a denial-of-service (DoS) risk and affects overall library robustness. Instead of returning a recoverable evaluation error, the process may terminate unexpectedly. In affected versions, evaluation of expressions that invoke certain builtin functions on untrusted or insufficiently validated data structures can lead to a process-level crash due to stack exhaustion. This issue is most relevant in scenarios where Expr is used to evaluate expressions against externally supplied or dynamically constructed environments; cyclic references (directly or indirectly) can be introduced into arrays, maps, or structs; and there are no application-level safeguards preventing deeply nested input data. In typical use cases with controlled, acyclic data, the issue may not manifest. However, when present, the resulting panic can be used to reliably crash the application, constituting a denial of service. The issue has been fixed in the v1.17.7 versions of Expr. The patch introduces a maximum recursion depth limit for affected builtin functions. When this limit is exceeded, evaluation aborts gracefully and returns a descriptive error instead of panicking. Additionally, the maximum depth can be customized by users via `builtin.MaxDepth`, allowing applications with legitimate deep structures to raise the limit in a controlled manner. Users are strongly encouraged to upgrade to the patched release, which includes both the recursion guard and comprehensive test coverage to prevent regressions. For users who cannot immediately upgrade, some mitigations are recommended. Ensure that evaluation environments cannot contain cyclic references, validate or sanitize externally supplied data structures before passing them to Expr, and/or wrap expression evaluation with panic recovery to prevent a full process crash (as a last-resort defensive measure). These workarounds reduce risk but do not fully eliminate the issue without the patch."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-16T18:24:11.648Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/expr-lang/expr/security/advisories/GHSA-cfpf-hrx2-8rv6",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/expr-lang/expr/security/advisories/GHSA-cfpf-hrx2-8rv6"
        },
        {
          "name": "https://github.com/expr-lang/expr/pull/870",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/expr-lang/expr/pull/870"
        }
      ],
      "source": {
        "advisory": "GHSA-cfpf-hrx2-8rv6",
        "discovery": "UNKNOWN"
      },
      "title": "Expr has Denial of Service via Unbounded Recursion in Builtin Functions"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-68156",
    "datePublished": "2025-12-16T18:24:11.648Z",
    "dateReserved": "2025-12-15T23:02:17.604Z",
    "dateUpdated": "2025-12-16T19:59:24.007Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-20239 (GCVE-0-2026-20239)

Vulnerability from cvelistv5 – Published: 2026-05-20 16:32 – Updated: 2026-05-21 03:55

Title

Sensitive Information Disclosure through Log Files in Splunk Enterprise

Summary

In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13, a user with a role that has access to the `_internal` index could view session cookies and response bodies that contain sensitive data.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-532 - Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

Assigner

cisco

References

1 reference

URL	Tags
https://advisory.splunk.com/advisories/SVD-2026-0503

Impacted products

2 products

Vendor	Product	Version
Splunk	Splunk Enterprise	Affected: 10.2 , < 10.2.2 (custom) Affected: 10.0 , < 10.0.5 (custom)
Splunk	Splunk Cloud Platform	Affected: 10.3.2512 , < 10.3.2512.8 (custom) Affected: 10.2.2510 , < 10.2.2510.11 (custom) Affected: 10.1.2507 , < 10.1.2507.21 (custom) Affected: 10.0.2503 , < 10.0.2503.13 (custom)

Date Public

2026-05-20 00:00

Credits

Charlie Huggard, Splunk

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-20239",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-20T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-21T03:55:38.324Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Splunk Enterprise",
          "vendor": "Splunk",
          "versions": [
            {
              "lessThan": "10.2.2",
              "status": "affected",
              "version": "10.2",
              "versionType": "custom"
            },
            {
              "lessThan": "10.0.5",
              "status": "affected",
              "version": "10.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Splunk Cloud Platform",
          "vendor": "Splunk",
          "versions": [
            {
              "lessThan": "10.3.2512.8",
              "status": "affected",
              "version": "10.3.2512",
              "versionType": "custom"
            },
            {
              "lessThan": "10.2.2510.11",
              "status": "affected",
              "version": "10.2.2510",
              "versionType": "custom"
            },
            {
              "lessThan": "10.1.2507.21",
              "status": "affected",
              "version": "10.1.2507",
              "versionType": "custom"
            },
            {
              "lessThan": "10.0.2503.13",
              "status": "affected",
              "version": "10.0.2503",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Charlie Huggard, Splunk"
        }
      ],
      "datePublic": "2026-05-20T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13, a user with a role that has access to the `_internal` index could view session cookies and response bodies that contain sensitive data."
            }
          ],
          "value": "In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13, a user with a role that has access to the `_internal` index could view session cookies and response bodies that contain sensitive data."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-532",
              "description": "Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-20T16:32:12.678Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "url": "https://advisory.splunk.com/advisories/SVD-2026-0503"
        }
      ],
      "source": {
        "advisory": "SVD-2026-0503"
      },
      "title": "Sensitive Information Disclosure through Log Files in Splunk Enterprise"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2026-20239",
    "datePublished": "2026-05-20T16:32:12.678Z",
    "dateReserved": "2025-10-08T11:59:15.400Z",
    "dateUpdated": "2026-05-21T03:55:38.324Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-20240 (GCVE-0-2026-20240)

Vulnerability from cvelistv5 – Published: 2026-05-20 16:32 – Updated: 2026-05-20 17:47

Title

Denial of Service through coldToFrozen.sh Script in Splunk Enterprise

Summary

In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.11, and 9.3.12, and Splunk Cloud Platform versions below 10.4.2603.1, 10.3.2512.9, 10.2.2510.11, 10.1.2507.21, 10.0.2503.13, and 9.3.2411.129, a low-privileged user that does not hold the ‘admin’ or ‘power’ Splunk roles could cause a Denial of Service by exploiting the `coldToFrozen.sh` script in the `splunk_archiver` app to rename critical Splunk directories, making the instance non-functional.<br><br>The Denial of Service is possible because of missing input validation in the `coldToFrozen.sh` script, which accepts arbitrary file paths and renames them without restricting operations to safe directories.

Severity

7.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-20 - The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.

Assigner

cisco

References

1 reference

URL	Tags
https://advisory.splunk.com/advisories/SVD-2026-0504

Impacted products

2 products

Vendor	Product	Version
Splunk	Splunk Enterprise	Affected: 10.2 , < 10.2.2 (custom) Affected: 10.0 , < 10.0.5 (custom) Affected: 9.4 , < 9.4.11 (custom) Affected: 9.3 , < 9.3.12 (custom)
Splunk	Splunk Cloud Platform	Affected: 10.4.2603 , < 10.4.2603.1 (custom) Affected: 10.3.2512 , < 10.3.2512.9 (custom) Affected: 10.2.2510 , < 10.2.2510.11 (custom) Affected: 10.1.2507 , < 10.1.2507.21 (custom) Affected: 10.0.2503 , < 10.0.2503.13 (custom) Affected: 9.3.2411 , < 9.3.2411.129 (custom)

Date Public

2026-05-20 00:00

Credits

Alex Hordijk (hordalex)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-20240",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-20T17:47:29.920729Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-20T17:47:46.372Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Splunk Enterprise",
          "vendor": "Splunk",
          "versions": [
            {
              "lessThan": "10.2.2",
              "status": "affected",
              "version": "10.2",
              "versionType": "custom"
            },
            {
              "lessThan": "10.0.5",
              "status": "affected",
              "version": "10.0",
              "versionType": "custom"
            },
            {
              "lessThan": "9.4.11",
              "status": "affected",
              "version": "9.4",
              "versionType": "custom"
            },
            {
              "lessThan": "9.3.12",
              "status": "affected",
              "version": "9.3",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Splunk Cloud Platform",
          "vendor": "Splunk",
          "versions": [
            {
              "lessThan": "10.4.2603.1",
              "status": "affected",
              "version": "10.4.2603",
              "versionType": "custom"
            },
            {
              "lessThan": "10.3.2512.9",
              "status": "affected",
              "version": "10.3.2512",
              "versionType": "custom"
            },
            {
              "lessThan": "10.2.2510.11",
              "status": "affected",
              "version": "10.2.2510",
              "versionType": "custom"
            },
            {
              "lessThan": "10.1.2507.21",
              "status": "affected",
              "version": "10.1.2507",
              "versionType": "custom"
            },
            {
              "lessThan": "10.0.2503.13",
              "status": "affected",
              "version": "10.0.2503",
              "versionType": "custom"
            },
            {
              "lessThan": "9.3.2411.129",
              "status": "affected",
              "version": "9.3.2411",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Alex Hordijk (hordalex)"
        }
      ],
      "datePublic": "2026-05-20T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.11, and 9.3.12, and Splunk Cloud Platform versions below 10.4.2603.1, 10.3.2512.9, 10.2.2510.11, 10.1.2507.21, 10.0.2503.13, and 9.3.2411.129, a low-privileged user that does not hold the \u2018admin\u2019 or \u2018power\u2019 Splunk roles could cause a Denial of Service by exploiting the `coldToFrozen.sh` script in the `splunk_archiver` app to rename critical Splunk directories, making the instance non-functional.\u003cbr\u003e\u003cbr\u003eThe Denial of Service is possible because of missing input validation in the `coldToFrozen.sh` script, which accepts arbitrary file paths and renames them without restricting operations to safe directories."
            }
          ],
          "value": "In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.11, and 9.3.12, and Splunk Cloud Platform versions below 10.4.2603.1, 10.3.2512.9, 10.2.2510.11, 10.1.2507.21, 10.0.2503.13, and 9.3.2411.129, a low-privileged user that does not hold the \u2018admin\u2019 or \u2018power\u2019 Splunk roles could cause a Denial of Service by exploiting the `coldToFrozen.sh` script in the `splunk_archiver` app to rename critical Splunk directories, making the instance non-functional.\u003cbr\u003e\u003cbr\u003eThe Denial of Service is possible because of missing input validation in the `coldToFrozen.sh` script, which accepts arbitrary file paths and renames them without restricting operations to safe directories."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-20T16:32:05.687Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "url": "https://advisory.splunk.com/advisories/SVD-2026-0504"
        }
      ],
      "source": {
        "advisory": "SVD-2026-0504"
      },
      "title": "Denial of Service through coldToFrozen.sh Script in Splunk Enterprise"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2026-20240",
    "datePublished": "2026-05-20T16:32:05.687Z",
    "dateReserved": "2025-10-08T11:59:15.400Z",
    "dateUpdated": "2026-05-20T17:47:46.372Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2026-1618

CVE-2025-22872 (GCVE-0-2025-22872)

CVE-2025-47911 (GCVE-0-2025-47911)

CVE-2025-58190 (GCVE-0-2025-58190)

CVE-2025-61726 (GCVE-0-2025-61726)

CVE-2025-61731 (GCVE-0-2025-61731)

CVE-2025-61732 (GCVE-0-2025-61732)

CVE-2025-68121 (GCVE-0-2025-68121)

CVE-2025-68156 (GCVE-0-2025-68156)

CVE-2026-20239 (GCVE-0-2026-20239)

CVE-2026-20240 (GCVE-0-2026-20240)

Tags

Sightings

Nomenclature