Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    656 vulnerabilities by Splunk

    CERTFR-2026-AVI-0774

    Vulnerability from certfr_avis - Published: 2026-06-18 - Updated: 2026-06-18

    De multiples vulnérabilités ont été découvertes dans Splunk AI Toolkit. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un contournement de la politique de sécurité.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    Splunk Splunk Splunk AI Toolkit versions antérieures à 5.7.4
    References

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Splunk AI Toolkit versions ant\u00e9rieures \u00e0 5.7.4",
          "product": {
            "name": "Splunk",
            "vendor": {
              "name": "Splunk",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2026-20265",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-20265"
        },
        {
          "name": "CVE-2026-20266",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-20266"
        }
      ],
      "initial_release_date": "2026-06-18T00:00:00",
      "last_revision_date": "2026-06-18T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0774",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-06-18T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Splunk AI Toolkit. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans Splunk AI Toolkit",
      "vendor_advisories": [
        {
          "published_at": "2026-06-17",
          "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0613",
          "url": "https://advisory.splunk.com/advisories/SVD-2026-0613"
        },
        {
          "published_at": "2026-06-17",
          "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0614",
          "url": "https://advisory.splunk.com/advisories/SVD-2026-0614"
        }
      ]
    }

    CERTFR-2026-AVI-0736

    Vulnerability from certfr_avis - Published: 2026-06-11 - Updated: 2026-06-11

    De multiples vulnérabilités ont été découvertes dans les produits Splunk. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une falsification de requêtes côté serveur (SSRF).

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    Splunk Splunk Secure Gateway Splunk Secure Gateway versions 3.10.x antérieures à 3.10.6
    Splunk Splunk Cloud Platform Splunk Cloud Platform versions 10.1.2507.x antérieures à 10.1.2507.23
    Splunk Splunk Enterprise Splunk Enterprise versions 9.3.x antérieures à 9.3.13
    Splunk Splunk Enterprise Splunk Enterprise versions 9.4.x antérieures à 9.4.12
    Splunk SOAR Splunk SOAR versions antérieures à 8.5.0
    Splunk Splunk Cloud Platform Splunk Cloud Platform versions 9.3.2411.x antérieures à 9.3.2411.132
    Splunk Splunk Cloud Platform Splunk Cloud Platform versions 10.2.2510.x antérieures à 10.2.2510.15
    Splunk Splunk Cloud Platform Splunk Cloud Platform versions 10.3.2512.x antérieures à 10.3.2512.13
    Splunk Splunk Enterprise Splunk Enterprise versions 10.0.x antérieures à 10.0.7
    Splunk Splunk Cloud Platform Splunk Cloud Platform versions 10.4.2604.x antérieures à 10.4.2604.3
    Splunk Splunk Secure Gateway Splunk Secure Gateway versions antérieures à 3.8.67
    Splunk Splunk Enterprise Splunk Enterprise versions 10.2.x antérieures à 10.2.4
    Splunk Splunk Cloud Platform Splunk Cloud Platform versions 10.0.2503.x antérieures à 10.0.2503.14
    Splunk Splunk Secure Gateway Splunk Secure Gateway versions 3.9.x antérieures à 3.9.20
    References

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Splunk Secure Gateway versions 3.10.x ant\u00e9rieures \u00e0 3.10.6",
          "product": {
            "name": "Splunk Secure Gateway",
            "vendor": {
              "name": "Splunk",
              "scada": false
            }
          }
        },
        {
          "description": "Splunk Cloud Platform versions 10.1.2507.x ant\u00e9rieures \u00e0 10.1.2507.23",
          "product": {
            "name": "Splunk Cloud Platform",
            "vendor": {
              "name": "Splunk",
              "scada": false
            }
          }
        },
        {
          "description": "Splunk Enterprise versions 9.3.x ant\u00e9rieures \u00e0 9.3.13",
          "product": {
            "name": "Splunk Enterprise",
            "vendor": {
              "name": "Splunk",
              "scada": false
            }
          }
        },
        {
          "description": "Splunk Enterprise versions 9.4.x ant\u00e9rieures \u00e0 9.4.12",
          "product": {
            "name": "Splunk Enterprise",
            "vendor": {
              "name": "Splunk",
              "scada": false
            }
          }
        },
        {
          "description": "Splunk SOAR versions ant\u00e9rieures \u00e0 8.5.0",
          "product": {
            "name": "SOAR",
            "vendor": {
              "name": "Splunk",
              "scada": false
            }
          }
        },
        {
          "description": "Splunk Cloud Platform versions 9.3.2411.x ant\u00e9rieures \u00e0 9.3.2411.132",
          "product": {
            "name": "Splunk Cloud Platform",
            "vendor": {
              "name": "Splunk",
              "scada": false
            }
          }
        },
        {
          "description": "Splunk Cloud Platform versions 10.2.2510.x ant\u00e9rieures \u00e0 10.2.2510.15",
          "product": {
            "name": "Splunk Cloud Platform",
            "vendor": {
              "name": "Splunk",
              "scada": false
            }
          }
        },
        {
          "description": "Splunk Cloud Platform versions 10.3.2512.x ant\u00e9rieures \u00e0 10.3.2512.13",
          "product": {
            "name": "Splunk Cloud Platform",
            "vendor": {
              "name": "Splunk",
              "scada": false
            }
          }
        },
        {
          "description": "Splunk Enterprise versions 10.0.x ant\u00e9rieures \u00e0 10.0.7",
          "product": {
            "name": "Splunk Enterprise",
            "vendor": {
              "name": "Splunk",
              "scada": false
            }
          }
        },
        {
          "description": "Splunk Cloud Platform versions 10.4.2604.x ant\u00e9rieures \u00e0 10.4.2604.3",
          "product": {
            "name": "Splunk Cloud Platform",
            "vendor": {
              "name": "Splunk",
              "scada": false
            }
          }
        },
        {
          "description": "Splunk Secure Gateway versions ant\u00e9rieures \u00e0 3.8.67",
          "product": {
            "name": "Splunk Secure Gateway",
            "vendor": {
              "name": "Splunk",
              "scada": false
            }
          }
        },
        {
          "description": "Splunk Enterprise versions 10.2.x ant\u00e9rieures \u00e0 10.2.4",
          "product": {
            "name": "Splunk Enterprise",
            "vendor": {
              "name": "Splunk",
              "scada": false
            }
          }
        },
        {
          "description": "Splunk Cloud Platform versions 10.0.2503.x ant\u00e9rieures \u00e0 10.0.2503.14",
          "product": {
            "name": "Splunk Cloud Platform",
            "vendor": {
              "name": "Splunk",
              "scada": false
            }
          }
        },
        {
          "description": "Splunk Secure Gateway versions 3.9.x ant\u00e9rieures \u00e0 3.9.20",
          "product": {
            "name": "Splunk Secure Gateway",
            "vendor": {
              "name": "Splunk",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2026-20260",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-20260"
        },
        {
          "name": "CVE-2026-22701",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22701"
        },
        {
          "name": "CVE-2025-61731",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-61731"
        },
        {
          "name": "CVE-2026-20259",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-20259"
        },
        {
          "name": "CVE-2026-2006",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-2006"
        },
        {
          "name": "CVE-2026-2005",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-2005"
        },
        {
          "name": "CVE-2026-24051",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24051"
        },
        {
          "name": "CVE-2026-20256",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-20256"
        },
        {
          "name": "CVE-2026-20257",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-20257"
        },
        {
          "name": "CVE-2026-1703",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-1703"
        },
        {
          "name": "CVE-2026-27142",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27142"
        },
        {
          "name": "CVE-2026-20255",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-20255"
        },
        {
          "name": "CVE-2026-20258",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-20258"
        },
        {
          "name": "CVE-2026-34480",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-34480"
        },
        {
          "name": "CVE-2025-68161",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68161"
        },
        {
          "name": "CVE-2025-61732",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-61732"
        },
        {
          "name": "CVE-2025-68146",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68146"
        },
        {
          "name": "CVE-2026-25679",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
        },
        {
          "name": "CVE-2026-20252",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-20252"
        },
        {
          "name": "CVE-2026-1229",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-1229"
        },
        {
          "name": "CVE-2026-20254",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-20254"
        },
        {
          "name": "CVE-2025-12818",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-12818"
        },
        {
          "name": "CVE-2026-4148",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-4148"
        },
        {
          "name": "CVE-2025-8869",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-8869"
        },
        {
          "name": "CVE-2025-12817",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-12817"
        },
        {
          "name": "CVE-2025-47913",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-47913"
        },
        {
          "name": "CVE-2025-58181",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-58181"
        },
        {
          "name": "CVE-2026-27459",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27459"
        },
        {
          "name": "CVE-2026-4147",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-4147"
        },
        {
          "name": "CVE-2025-47914",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-47914"
        },
        {
          "name": "CVE-2026-34516",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-34516"
        },
        {
          "name": "CVE-2026-27448",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27448"
        },
        {
          "name": "CVE-2026-20251",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-20251"
        },
        {
          "name": "CVE-2026-23490",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23490"
        },
        {
          "name": "CVE-2026-24049",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24049"
        },
        {
          "name": "CVE-2026-2003",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-2003"
        },
        {
          "name": "CVE-2026-4358",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-4358"
        },
        {
          "name": "CVE-2025-68121",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
        },
        {
          "name": "CVE-2026-20253",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-20253"
        },
        {
          "name": "CVE-2025-61726",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
        },
        {
          "name": "CVE-2026-34520",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-34520"
        },
        {
          "name": "CVE-2026-2004",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-2004"
        },
        {
          "name": "CVE-2026-34477",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-34477"
        }
      ],
      "initial_release_date": "2026-06-11T00:00:00",
      "last_revision_date": "2026-06-11T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0736",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-06-11T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Injection de code indirecte \u00e0 distance (XSS)"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
        },
        {
          "description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Splunk. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF).",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Splunk",
      "vendor_advisories": [
        {
          "published_at": "2026-06-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0612",
          "url": "https://advisory.splunk.com/advisories/SVD-2026-0612"
        },
        {
          "published_at": "2026-06-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0602",
          "url": "https://advisory.splunk.com/advisories/SVD-2026-0602"
        },
        {
          "published_at": "2026-06-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0610",
          "url": "https://advisory.splunk.com/advisories/SVD-2026-0610"
        },
        {
          "published_at": "2026-06-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0601",
          "url": "https://advisory.splunk.com/advisories/SVD-2026-0601"
        },
        {
          "published_at": "2026-06-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0603",
          "url": "https://advisory.splunk.com/advisories/SVD-2026-0603"
        },
        {
          "published_at": "2026-06-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0608",
          "url": "https://advisory.splunk.com/advisories/SVD-2026-0608"
        },
        {
          "published_at": "2026-06-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0609",
          "url": "https://advisory.splunk.com/advisories/SVD-2026-0609"
        },
        {
          "published_at": "2026-06-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0611",
          "url": "https://advisory.splunk.com/advisories/SVD-2026-0611"
        },
        {
          "published_at": "2026-06-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0606",
          "url": "https://advisory.splunk.com/advisories/SVD-2026-0606"
        },
        {
          "published_at": "2026-06-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0605",
          "url": "https://advisory.splunk.com/advisories/SVD-2026-0605"
        },
        {
          "published_at": "2026-06-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0604",
          "url": "https://advisory.splunk.com/advisories/SVD-2026-0604"
        },
        {
          "published_at": "2026-06-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0607",
          "url": "https://advisory.splunk.com/advisories/SVD-2026-0607"
        }
      ]
    }

    CERTFR-2026-AVI-0627

    Vulnerability from certfr_avis - Published: 2026-05-21 - Updated: 2026-05-21

    De multiples vulnérabilités ont été découvertes dans les produits Splunk. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et un problème de sécurité non spécifié par l'éditeur.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    Splunk Splunk Enterprise Splunk Enterprise versions 10.2.x antérieures à 10.2.3
    Splunk N/A Splunk AI Toolkit versions 5.7.x antérieures à 5.7.3
    Splunk Splunk Cloud Platform Splunk Cloud Platform versions 9.3.2411 antérieures à 9.3.2411.129
    Splunk Splunk Cloud Platform Splunk Cloud Platform versions 10.3.2512 antérieures à 10.3.2512.9
    Splunk Splunk image Docker Splunk versions 10.2.x antérieures à 10.2.2
    Splunk Splunk Cloud Platform Splunk Cloud Platform versions 10.4.2603 antérieures à 10.4.2603.1
    Splunk Splunk AppDynamics Database Agent Splunk AppDynamics Database Agent versions antérieures à 26.4.0
    Splunk Splunk image Docker Splunk versions 9.4.x antérieures à 9.4.10
    Splunk Splunk User Behavior Analytics (UBA) Splunk User Behavior Analytics versions 5.4.x antérieures à 5.4.5
    Splunk Splunk AppDynamics Private Synthetic Agent Splunk AppDynamics Private Synthetic Agent versions antérieures à 26.4.0
    Splunk Splunk AppDynamics Analytics Agent Splunk AppDynamics Analytics Agent versions antérieures à 26.4.0
    Splunk N/A Splunk AppDynamics Cluster Agent versions antérieures à 26.4.0
    Splunk Splunk AppDynamics Machine Agent Splunk AppDynamics Machine Agent versions antérieures à 26.4.0
    Splunk Splunk Cloud Platform Splunk Cloud Platform versions 10.2.2510 antérieures à 10.2.2510.11
    Splunk N/A Splunk AppDynamics Python Agent versions antérieures à 26.4.1
    Splunk Splunk image Docker Splunk versions 10.0.x antérieures à 10.0.5
    Splunk N/A Splunk Add-on for Tomcat versions 3.3.x antérieures à 3.3.1
    Splunk Splunk Cloud Platform Splunk Cloud Platform versions 10.1.2507 antérieures à 10.1.2507.21
    Splunk Splunk Enterprise Splunk Enterprise versions 10.0.x antérieures à 10.0.6
    Splunk N/A Splunk AppDynamics Apache Web Server Agent versions 25.11.x antérieures à 25.11.1
    Splunk Splunk Enterprise Splunk Enterprise versions 9.4.x antérieures à 9.4.11
    Splunk Splunk image Docker Splunk versions 9.3.x antérieures à 9.3.11
    Splunk Splunk Cloud Platform Splunk Cloud Platform versions 10.0.2503 antérieures à 10.0.2503.13
    Splunk Universal Forwarder Splunk Universal Forwarder versions 9.4.x antérieures à 9.4.11
    Splunk Splunk Enterprise Splunk Enterprise versions 9.3.x antérieures à 9.3.12
    Splunk Splunk AppDynamics Java Agent Splunk AppDynamics Java Agent versions antérieures à 26.4.0
    References

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Splunk Enterprise versions 10.2.x ant\u00e9rieures \u00e0 10.2.3",
          "product": {
            "name": "Splunk Enterprise",
            "vendor": {
              "name": "Splunk",
              "scada": false
            }
          }
        },
        {
          "description": "Splunk AI Toolkit versions 5.7.x ant\u00e9rieures \u00e0 5.7.3",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Splunk",
              "scada": false
            }
          }
        },
        {
          "description": "Splunk Cloud Platform versions 9.3.2411 ant\u00e9rieures \u00e0 9.3.2411.129",
          "product": {
            "name": "Splunk Cloud Platform",
            "vendor": {
              "name": "Splunk",
              "scada": false
            }
          }
        },
        {
          "description": "Splunk Cloud Platform versions 10.3.2512 ant\u00e9rieures \u00e0 10.3.2512.9",
          "product": {
            "name": "Splunk Cloud Platform",
            "vendor": {
              "name": "Splunk",
              "scada": false
            }
          }
        },
        {
          "description": "image Docker Splunk versions 10.2.x ant\u00e9rieures \u00e0 10.2.2",
          "product": {
            "name": "Splunk",
            "vendor": {
              "name": "Splunk",
              "scada": false
            }
          }
        },
        {
          "description": "Splunk Cloud Platform versions 10.4.2603 ant\u00e9rieures \u00e0 10.4.2603.1",
          "product": {
            "name": "Splunk Cloud Platform",
            "vendor": {
              "name": "Splunk",
              "scada": false
            }
          }
        },
        {
          "description": "Splunk AppDynamics Database Agent versions ant\u00e9rieures \u00e0 26.4.0",
          "product": {
            "name": "Splunk AppDynamics Database Agent",
            "vendor": {
              "name": "Splunk",
              "scada": false
            }
          }
        },
        {
          "description": "image Docker Splunk versions 9.4.x ant\u00e9rieures \u00e0 9.4.10",
          "product": {
            "name": "Splunk",
            "vendor": {
              "name": "Splunk",
              "scada": false
            }
          }
        },
        {
          "description": "Splunk User Behavior Analytics versions 5.4.x ant\u00e9rieures \u00e0 5.4.5",
          "product": {
            "name": "Splunk User Behavior Analytics (UBA)",
            "vendor": {
              "name": "Splunk",
              "scada": false
            }
          }
        },
        {
          "description": "Splunk AppDynamics Private Synthetic Agent versions ant\u00e9rieures \u00e0 26.4.0",
          "product": {
            "name": "Splunk AppDynamics Private Synthetic Agent",
            "vendor": {
              "name": "Splunk",
              "scada": false
            }
          }
        },
        {
          "description": "Splunk AppDynamics Analytics Agent versions ant\u00e9rieures \u00e0 26.4.0",
          "product": {
            "name": "Splunk AppDynamics Analytics Agent",
            "vendor": {
              "name": "Splunk",
              "scada": false
            }
          }
        },
        {
          "description": "Splunk AppDynamics Cluster Agent versions ant\u00e9rieures \u00e0 26.4.0",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Splunk",
              "scada": false
            }
          }
        },
        {
          "description": "Splunk AppDynamics Machine Agent versions ant\u00e9rieures \u00e0 26.4.0",
          "product": {
            "name": "Splunk AppDynamics Machine Agent",
            "vendor": {
              "name": "Splunk",
              "scada": false
            }
          }
        },
        {
          "description": "Splunk Cloud Platform versions 10.2.2510 ant\u00e9rieures \u00e0 10.2.2510.11",
          "product": {
            "name": "Splunk Cloud Platform",
            "vendor": {
              "name": "Splunk",
              "scada": false
            }
          }
        },
        {
          "description": "Splunk AppDynamics Python Agent versions ant\u00e9rieures \u00e0 26.4.1",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Splunk",
              "scada": false
            }
          }
        },
        {
          "description": "image Docker Splunk versions 10.0.x ant\u00e9rieures \u00e0 10.0.5",
          "product": {
            "name": "Splunk",
            "vendor": {
              "name": "Splunk",
              "scada": false
            }
          }
        },
        {
          "description": "Splunk Add-on for Tomcat versions 3.3.x ant\u00e9rieures \u00e0 3.3.1",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Splunk",
              "scada": false
            }
          }
        },
        {
          "description": "Splunk Cloud Platform versions 10.1.2507 ant\u00e9rieures \u00e0 10.1.2507.21",
          "product": {
            "name": "Splunk Cloud Platform",
            "vendor": {
              "name": "Splunk",
              "scada": false
            }
          }
        },
        {
          "description": "Splunk Enterprise versions 10.0.x ant\u00e9rieures \u00e0 10.0.6",
          "product": {
            "name": "Splunk Enterprise",
            "vendor": {
              "name": "Splunk",
              "scada": false
            }
          }
        },
        {
          "description": "Splunk AppDynamics Apache Web Server Agent versions 25.11.x ant\u00e9rieures \u00e0 25.11.1",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Splunk",
              "scada": false
            }
          }
        },
        {
          "description": "Splunk Enterprise versions 9.4.x ant\u00e9rieures \u00e0 9.4.11",
          "product": {
            "name": "Splunk Enterprise",
            "vendor": {
              "name": "Splunk",
              "scada": false
            }
          }
        },
        {
          "description": "image Docker Splunk versions 9.3.x ant\u00e9rieures \u00e0 9.3.11",
          "product": {
            "name": "Splunk",
            "vendor": {
              "name": "Splunk",
              "scada": false
            }
          }
        },
        {
          "description": "Splunk Cloud Platform versions 10.0.2503 ant\u00e9rieures \u00e0 10.0.2503.13",
          "product": {
            "name": "Splunk Cloud Platform",
            "vendor": {
              "name": "Splunk",
              "scada": false
            }
          }
        },
        {
          "description": "Splunk Universal Forwarder versions 9.4.x ant\u00e9rieures \u00e0 9.4.11",
          "product": {
            "name": "Universal Forwarder",
            "vendor": {
              "name": "Splunk",
              "scada": false
            }
          }
        },
        {
          "description": "Splunk Enterprise versions 9.3.x ant\u00e9rieures \u00e0 9.3.12",
          "product": {
            "name": "Splunk Enterprise",
            "vendor": {
              "name": "Splunk",
              "scada": false
            }
          }
        },
        {
          "description": "Splunk AppDynamics Java Agent versions ant\u00e9rieures \u00e0 26.4.0",
          "product": {
            "name": "Splunk AppDynamics Java Agent",
            "vendor": {
              "name": "Splunk",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2026-26007",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-26007"
        },
        {
          "name": "CVE-2024-24790",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-24790"
        },
        {
          "name": "CVE-2025-58436",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-58436"
        },
        {
          "name": "CVE-2018-19361",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-19361"
        },
        {
          "name": "CVE-2023-0216",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-0216"
        },
        {
          "name": "CVE-2026-32777",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-32777"
        },
        {
          "name": "CVE-2025-61730",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-61730"
        },
        {
          "name": "CVE-2024-5321",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-5321"
        },
        {
          "name": "CVE-2019-17267",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
        },
        {
          "name": "CVE-2026-41324",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-41324"
        },
        {
          "name": "CVE-2024-1597",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-1597"
        },
        {
          "name": "CVE-2026-42308",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42308"
        },
        {
          "name": "CVE-2023-0401",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-0401"
        },
        {
          "name": "CVE-2026-21933",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-21933"
        },
        {
          "name": "CVE-2025-29775",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-29775"
        },
        {
          "name": "CVE-2026-3543",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-3543"
        },
        {
          "name": "CVE-2026-21932",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-21932"
        },
        {
          "name": "CVE-2018-19362",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-19362"
        },
        {
          "name": "CVE-2025-66199",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-66199"
        },
        {
          "name": "CVE-2025-15282",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-15282"
        },
        {
          "name": "CVE-2026-33871",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33871"
        },
        {
          "name": "CVE-2026-22737",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22737"
        },
        {
          "name": "CVE-2023-43642",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-43642"
        },
        {
          "name": "CVE-2025-68384",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68384"
        },
        {
          "name": "CVE-2024-9681",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-9681"
        },
        {
          "name": "CVE-2025-58190",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-58190"
        },
        {
          "name": "CVE-2025-68973",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68973"
        },
        {
          "name": "CVE-2026-21637",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-21637"
        },
        {
          "name": "CVE-2024-37891",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
        },
        {
          "name": "CVE-2026-22801",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22801"
        },
        {
          "name": "CVE-2026-42309",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42309"
        },
        {
          "name": "CVE-2023-49082",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-49082"
        },
        {
          "name": "CVE-2023-1370",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
        },
        {
          "name": "CVE-2026-39892",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-39892"
        },
        {
          "name": "CVE-2026-33186",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33186"
        },
        {
          "name": "CVE-2018-14719",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-14719"
        },
        {
          "name": "CVE-2024-4068",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-4068"
        },
        {
          "name": "CVE-2025-22872",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
        },
        {
          "name": "CVE-2025-29774",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-29774"
        },
        {
          "name": "CVE-2025-28164",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-28164"
        },
        {
          "name": "CVE-2026-3540",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-3540"
        },
        {
          "name": "CVE-2024-10220",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-10220"
        },
        {
          "name": "CVE-2024-45339",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-45339"
        },
        {
          "name": "CVE-2020-9546",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-9546"
        },
        {
          "name": "CVE-2025-46762",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-46762"
        },
        {
          "name": "CVE-2023-37920",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-37920"
        },
        {
          "name": "CVE-2025-68156",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68156"
        },
        {
          "name": "CVE-2026-25990",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-25990"
        },
        {
          "name": "CVE-2026-32288",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-32288"
        },
        {
          "name": "CVE-2022-45868",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-45868"
        },
        {
          "name": "CVE-2025-69223",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-69223"
        },
        {
          "name": "CVE-2025-47907",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
        },
        {
          "name": "CVE-2020-10673",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-10673"
        },
        {
          "name": "CVE-2024-12797",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
        },
        {
          "name": "CVE-2025-30065",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-30065"
        },
        {
          "name": "CVE-2025-12084",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-12084"
        },
        {
          "name": "CVE-2024-12086",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-12086"
        },
        {
          "name": "CVE-2024-25638",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-25638"
        },
        {
          "name": "CVE-2025-49146",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-49146"
        },
        {
          "name": "CVE-2026-34876",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-34876"
        },
        {
          "name": "CVE-2025-4432",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-4432"
        },
        {
          "name": "CVE-2023-5590",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-5590"
        },
        {
          "name": "CVE-2025-11468",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-11468"
        },
        {
          "name": "CVE-2020-36181",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-36181"
        },
        {
          "name": "CVE-2020-9548",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-9548"
        },
        {
          "name": "CVE-2020-36182",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-36182"
        },
        {
          "name": "CVE-2025-6069",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
        },
        {
          "name": "CVE-2020-24616",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24616"
        },
        {
          "name": "CVE-2025-69419",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-69419"
        },
        {
          "name": "CVE-2025-6075",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-6075"
        },
        {
          "name": "CVE-2026-27456",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27456"
        },
        {
          "name": "CVE-2025-4330",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-4330"
        },
        {
          "name": "CVE-2025-58060",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-58060"
        },
        {
          "name": "CVE-2020-36185",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-36185"
        },
        {
          "name": "CVE-2023-50782",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-50782"
        },
        {
          "name": "CVE-2025-4138",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
        },
        {
          "name": "CVE-2025-61731",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-61731"
        },
        {
          "name": "CVE-2023-0215",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
        },
        {
          "name": "CVE-2026-1605",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-1605"
        },
        {
          "name": "CVE-2022-25647",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-25647"
        },
        {
          "name": "CVE-2023-0286",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
        },
        {
          "name": "CVE-2026-27143",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27143"
        },
        {
          "name": "CVE-2024-47561",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-47561"
        },
        {
          "name": "CVE-2019-16942",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-16942"
        },
        {
          "name": "CVE-2026-3061",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-3061"
        },
        {
          "name": "CVE-2026-27171",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27171"
        },
        {
          "name": "CVE-2020-9547",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-9547"
        },
        {
          "name": "CVE-2026-3731",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-3731"
        },
        {
          "name": "CVE-2020-36179",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-36179"
        },
        {
          "name": "CVE-2026-35469",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-35469"
        },
        {
          "name": "CVE-2026-3062",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-3062"
        },
        {
          "name": "CVE-2018-14718",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-14718"
        },
        {
          "name": "CVE-2020-10650",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-10650"
        },
        {
          "name": "CVE-2024-24791",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-24791"
        },
        {
          "name": "CVE-2026-1861",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-1861"
        },
        {
          "name": "CVE-2025-66516",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-66516"
        },
        {
          "name": "CVE-2023-4807",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
        },
        {
          "name": "CVE-2023-2251",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-2251"
        },
        {
          "name": "CVE-2026-25833",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-25833"
        },
        {
          "name": "CVE-2024-13176",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-13176"
        },
        {
          "name": "CVE-2025-49844",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-49844"
        },
        {
          "name": "CVE-2020-36186",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-36186"
        },
        {
          "name": "CVE-2025-15467",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-15467"
        },
        {
          "name": "CVE-2020-36189",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-36189"
        },
        {
          "name": "CVE-2024-58251",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-58251"
        },
        {
          "name": "CVE-2019-20444",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-20444"
        },
        {
          "name": "CVE-2025-9820",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-9820"
        },
        {
          "name": "CVE-2020-35490",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-35490"
        },
        {
          "name": "CVE-2026-33870",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33870"
        },
        {
          "name": "CVE-2026-22690",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22690"
        },
        {
          "name": "CVE-2025-55130",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-55130"
        },
        {
          "name": "CVE-2023-34454",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-34454"
        },
        {
          "name": "CVE-2022-46337",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-46337"
        },
        {
          "name": "CVE-2021-20190",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-20190"
        },
        {
          "name": "CVE-2021-35516",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-35516"
        },
        {
          "name": "CVE-2026-3544",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-3544"
        },
        {
          "name": "CVE-2024-12084",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-12084"
        },
        {
          "name": "CVE-2023-44487",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
        },
        {
          "name": "CVE-2024-29857",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
        },
        {
          "name": "CVE-2020-13949",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-13949"
        },
        {
          "name": "CVE-2018-19360",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-19360"
        },
        {
          "name": "CVE-2026-2648",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-2648"
        },
        {
          "name": "CVE-2023-47627",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-47627"
        },
        {
          "name": "CVE-2026-40200",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-40200"
        },
        {
          "name": "CVE-2024-13009",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-13009"
        },
        {
          "name": "CVE-2026-27025",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27025"
        },
        {
          "name": "CVE-2025-55131",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-55131"
        },
        {
          "name": "CVE-2026-32778",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-32778"
        },
        {
          "name": "CVE-2026-5121",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-5121"
        },
        {
          "name": "CVE-2024-12798",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-12798"
        },
        {
          "name": "CVE-2025-0938",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-0938"
        },
        {
          "name": "CVE-2025-27210",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-27210"
        },
        {
          "name": "CVE-2019-16335",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-16335"
        },
        {
          "name": "CVE-2023-34453",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-34453"
        },
        {
          "name": "CVE-2022-40149",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-40149"
        },
        {
          "name": "CVE-2024-41996",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-41996"
        },
        {
          "name": "CVE-2025-50106",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
        },
        {
          "name": "CVE-2025-59465",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-59465"
        },
        {
          "name": "CVE-2023-3635",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-3635"
        },
        {
          "name": "CVE-2026-21715",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-21715"
        },
        {
          "name": "CVE-2020-1971",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-1971"
        },
        {
          "name": "CVE-2026-34073",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-34073"
        },
        {
          "name": "CVE-2026-27144",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27144"
        },
        {
          "name": "CVE-2018-7489",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-7489"
        },
        {
          "name": "CVE-2025-58057",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
        },
        {
          "name": "CVE-2025-8291",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-8291"
        },
        {
          "name": "CVE-2026-22795",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22795"
        },
        {
          "name": "CVE-2026-32283",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-32283"
        },
        {
          "name": "CVE-2019-14893",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-14893"
        },
        {
          "name": "CVE-2019-10202",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-10202"
        },
        {
          "name": "CVE-2026-25834",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-25834"
        },
        {
          "name": "CVE-2026-21925",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-21925"
        },
        {
          "name": "CVE-2026-3537",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-3537"
        },
        {
          "name": "CVE-2024-34158",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-34158"
        },
        {
          "name": "CVE-2025-30754",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
        },
        {
          "name": "CVE-2025-69225",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-69225"
        },
        {
          "name": "CVE-2025-62718",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-62718"
        },
        {
          "name": "CVE-2026-27024",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27024"
        },
        {
          "name": "CVE-2023-0217",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-0217"
        },
        {
          "name": "CVE-2021-35517",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-35517"
        },
        {
          "name": "CVE-2026-4424",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-4424"
        },
        {
          "name": "CVE-2025-67030",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-67030"
        },
        {
          "name": "CVE-2026-34877",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-34877"
        },
        {
          "name": "CVE-2026-32281",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-32281"
        },
        {
          "name": "CVE-2026-27142",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27142"
        },
        {
          "name": "CVE-2026-28389",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28389"
        },
        {
          "name": "CVE-2021-23358",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-23358"
        },
        {
          "name": "CVE-2025-31133",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-31133"
        },
        {
          "name": "CVE-2025-8194",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-8194"
        },
        {
          "name": "CVE-2024-11053",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-11053"
        },
        {
          "name": "CVE-2024-7264",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-7264"
        },
        {
          "name": "CVE-2026-34875",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-34875"
        },
        {
          "name": "CVE-2026-21717",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-21717"
        },
        {
          "name": "CVE-2025-64505",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-64505"
        },
        {
          "name": "CVE-2025-69227",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-69227"
        },
        {
          "name": "CVE-2025-50181",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
        },
        {
          "name": "CVE-2020-10672",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-10672"
        },
        {
          "name": "CVE-2022-3510",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
        },
        {
          "name": "CVE-2022-3509",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
        },
        {
          "name": "CVE-2025-1795",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-1795"
        },
        {
          "name": "CVE-2021-28165",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-28165"
        },
        {
          "name": "CVE-2025-69421",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-69421"
        },
        {
          "name": "CVE-2021-37137",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-37137"
        },
        {
          "name": "CVE-2019-14439",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-14439"
        },
        {
          "name": "CVE-2025-4517",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
        },
        {
          "name": "CVE-2025-58188",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-58188"
        },
        {
          "name": "CVE-2026-34478",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-34478"
        },
        {
          "name": "CVE-2026-33055",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33055"
        },
        {
          "name": "CVE-2025-4674",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-4674"
        },
        {
          "name": "CVE-2025-4565",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-4565"
        },
        {
          "name": "CVE-2025-11143",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-11143"
        },
        {
          "name": "CVE-2026-34480",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-34480"
        },
        {
          "name": "CVE-2017-7658",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-7658"
        },
        {
          "name": "CVE-2026-27699",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27699"
        },
        {
          "name": "CVE-2022-40150",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-40150"
        },
        {
          "name": "CVE-2025-47911",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-47911"
        },
        {
          "name": "CVE-2025-28162",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-28162"
        },
        {
          "name": "CVE-2023-22946",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-22946"
        },
        {
          "name": "CVE-2026-33228",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33228"
        },
        {
          "name": "CVE-2020-36187",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-36187"
        },
        {
          "name": "CVE-2026-40175",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-40175"
        },
        {
          "name": "CVE-2025-13151",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-13151"
        },
        {
          "name": "CVE-2025-4435",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-4435"
        },
        {
          "name": "CVE-2024-21634",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21634"
        },
        {
          "name": "CVE-2021-36090",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-36090"
        },
        {
          "name": "CVE-2026-21716",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-21716"
        },
        {
          "name": "CVE-2025-64506",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-64506"
        },
        {
          "name": "CVE-2024-53899",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-53899"
        },
        {
          "name": "CVE-2025-68161",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68161"
        },
        {
          "name": "CVE-2026-28351",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28351"
        },
        {
          "name": "CVE-2025-52881",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-52881"
        },
        {
          "name": "CVE-2023-34455",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-34455"
        },
        {
          "name": "CVE-2024-5535",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-5535"
        },
        {
          "name": "CVE-2024-29131",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-29131"
        },
        {
          "name": "CVE-2025-22868",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
        },
        {
          "name": "CVE-2025-14174",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-14174"
        },
        {
          "name": "CVE-2024-12718",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
        },
        {
          "name": "CVE-2026-22796",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22796"
        },
        {
          "name": "CVE-2025-64720",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-64720"
        },
        {
          "name": "CVE-2024-30251",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-30251"
        },
        {
          "name": "CVE-2020-11620",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-11620"
        },
        {
          "name": "CVE-2026-2650",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-2650"
        },
        {
          "name": "CVE-2026-3541",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-3541"
        },
        {
          "name": "CVE-2024-12801",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-12801"
        },
        {
          "name": "CVE-2021-37136",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-37136"
        },
        {
          "name": "CVE-2018-12022",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-12022"
        },
        {
          "name": "CVE-2026-3539",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-3539"
        },
        {
          "name": "CVE-2026-34874",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-34874"
        },
        {
          "name": "CVE-2026-21712",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-21712"
        },
        {
          "name": "CVE-2018-5968",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-5968"
        },
        {
          "name": "CVE-2025-61732",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-61732"
        },
        {
          "name": "CVE-2024-27306",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-27306"
        },
        {
          "name": "CVE-2025-61723",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-61723"
        },
        {
          "name": "CVE-2025-9232",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-9232"
        },
        {
          "name": "CVE-2024-8775",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-8775"
        },
        {
          "name": "CVE-2026-3538",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-3538"
        },
        {
          "name": "CVE-2025-55159",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-55159"
        },
        {
          "name": "CVE-2025-55132",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-55132"
        },
        {
          "name": "CVE-2026-22702",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22702"
        },
        {
          "name": "CVE-2025-46394",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-46394"
        },
        {
          "name": "CVE-2025-66471",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-66471"
        },
        {
          "name": "CVE-2020-24750",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-24750"
        },
        {
          "name": "CVE-2026-25679",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
        },
        {
          "name": "CVE-2026-21441",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"
        },
        {
          "name": "CVE-2024-45337",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
        },
        {
          "name": "CVE-2025-13836",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-13836"
        },
        {
          "name": "CVE-2023-39410",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-39410"
        },
        {
          "name": "CVE-2025-68390",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68390"
        },
        {
          "name": "CVE-2024-11079",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-11079"
        },
        {
          "name": "CVE-2026-22732",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22732"
        },
        {
          "name": "CVE-2025-61725",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-61725"
        },
        {
          "name": "CVE-2026-25210",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-25210"
        },
        {
          "name": "CVE-2026-28387",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28387"
        },
        {
          "name": "CVE-2025-65018",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-65018"
        },
        {
          "name": "CVE-2026-28388",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28388"
        },
        {
          "name": "CVE-2026-40192",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-40192"
        },
        {
          "name": "CVE-2025-66293",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-66293"
        },
        {
          "name": "CVE-2024-35195",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
        },
        {
          "name": "CVE-2019-16943",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-16943"
        },
        {
          "name": "CVE-2026-32289",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-32289"
        },
        {
          "name": "CVE-2026-0865",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-0865"
        },
        {
          "name": "CVE-2026-21714",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-21714"
        },
        {
          "name": "CVE-2024-12087",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-12087"
        },
        {
          "name": "CVE-2017-7525",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-7525"
        },
        {
          "name": "CVE-2026-4111",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-4111"
        },
        {
          "name": "CVE-2026-24515",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24515"
        },
        {
          "name": "CVE-2024-26130",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-26130"
        },
        {
          "name": "CVE-2019-20330",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-20330"
        },
        {
          "name": "CVE-2024-41110",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-41110"
        },
        {
          "name": "CVE-2025-50059",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
        },
        {
          "name": "CVE-2026-2441",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-2441"
        },
        {
          "name": "CVE-2020-14195",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-14195"
        },
        {
          "name": "CVE-2025-69228",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-69228"
        },
        {
          "name": "CVE-2024-34156",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
        },
        {
          "name": "CVE-2020-35491",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-35491"
        },
        {
          "name": "CVE-2019-17531",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-17531"
        },
        {
          "name": "CVE-2025-1948",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-1948"
        },
        {
          "name": "CVE-2026-32280",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
        },
        {
          "name": "CVE-2025-27553",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-27553"
        },
        {
          "name": "CVE-2025-30761",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
        },
        {
          "name": "CVE-2022-4450",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
        },
        {
          "name": "CVE-2026-27888",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27888"
        },
        {
          "name": "CVE-2024-7592",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-7592"
        },
        {
          "name": "CVE-2026-33056",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33056"
        },
        {
          "name": "CVE-2026-25835",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-25835"
        },
        {
          "name": "CVE-2025-68160",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68160"
        },
        {
          "name": "CVE-2022-3996",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-3996"
        },
        {
          "name": "CVE-2020-14061",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-14061"
        },
        {
          "name": "CVE-2025-52565",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-52565"
        },
        {
          "name": "CVE-2017-7657",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-7657"
        },
        {
          "name": "CVE-2025-67735",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-67735"
        },
        {
          "name": "CVE-2025-61728",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
        },
        {
          "name": "CVE-2026-0965",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-0965"
        },
        {
          "name": "CVE-2020-36242",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-36242"
        },
        {
          "name": "CVE-2022-42004",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
        },
        {
          "name": "CVE-2022-40023",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-40023"
        },
        {
          "name": "CVE-2020-11619",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-11619"
        },
        {
          "name": "CVE-2025-9086",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-9086"
        },
        {
          "name": "CVE-2026-34872",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-34872"
        },
        {
          "name": "CVE-2025-58187",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-58187"
        },
        {
          "name": "CVE-2024-29371",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-29371"
        },
        {
          "name": "CVE-2020-36183",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-36183"
        },
        {
          "name": "CVE-2026-3542",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-3542"
        },
        {
          "name": "CVE-2023-49081",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-49081"
        },
        {
          "name": "CVE-2020-8840",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8840"
        },
        {
          "name": "CVE-2026-34871",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-34871"
        },
        {
          "name": "CVE-2025-22871",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
        },
        {
          "name": "CVE-2025-69226",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-69226"
        },
        {
          "name": "CVE-2026-3536",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-3536"
        },
        {
          "name": "CVE-2026-28390",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28390"
        },
        {
          "name": "CVE-2019-0205",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-0205"
        },
        {
          "name": "CVE-2024-32650",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-32650"
        },
        {
          "name": "CVE-2026-34873",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-34873"
        },
        {
          "name": "CVE-2026-6042",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-6042"
        },
        {
          "name": "CVE-2024-47081",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-47081"
        },
        {
          "name": "CVE-2019-10172",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-10172"
        },
        {
          "name": "CVE-2025-47913",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-47913"
        },
        {
          "name": "CVE-2024-55549",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-55549"
        },
        {
          "name": "CVE-2024-0397",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-0397"
        },
        {
          "name": "CVE-2020-36184",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-36184"
        },
        {
          "name": "CVE-2026-0967",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-0967"
        },
        {
          "name": "CVE-2025-69418",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-69418"
        },
        {
          "name": "CVE-2025-4516",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-4516"
        },
        {
          "name": "CVE-2025-22869",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
        },
        {
          "name": "CVE-2025-59466",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-59466"
        },
        {
          "name": "CVE-2025-15468",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-15468"
        },
        {
          "name": "CVE-2026-25639",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
        },
        {
          "name": "CVE-2026-21713",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-21713"
        },
        {
          "name": "CVE-2020-36180",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-36180"
        },
        {
          "name": "CVE-2018-12023",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-12023"
        },
        {
          "name": "CVE-2026-0968",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-0968"
        },
        {
          "name": "CVE-2026-27140",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27140"
        },
        {
          "name": "CVE-2018-14720",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-14720"
        },
        {
          "name": "CVE-2024-52304",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-52304"
        },
        {
          "name": "CVE-2020-36518",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
        },
        {
          "name": "CVE-2026-21945",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-21945"
        },
        {
          "name": "CVE-2023-5408",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-5408"
        },
        {
          "name": "CVE-2025-69277",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-69277"
        },
        {
          "name": "CVE-2026-25541",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-25541"
        },
        {
          "name": "CVE-2026-31789",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31789"
        },
        {
          "name": "CVE-2026-22735",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22735"
        },
        {
          "name": "CVE-2026-42311",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42311"
        },
        {
          "name": "CVE-2026-20239",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-20239"
        },
        {
          "name": "CVE-2025-24855",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-24855"
        },
        {
          "name": "CVE-2026-3063",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-3063"
        },
        {
          "name": "CVE-2019-0210",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-0210"
        },
        {
          "name": "CVE-2025-30749",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
        },
        {
          "name": "CVE-2024-27308",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-27308"
        },
        {
          "name": "CVE-2026-42310",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42310"
        },
        {
          "name": "CVE-2026-22695",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22695"
        },
        {
          "name": "CVE-2026-27139",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27139"
        },
        {
          "name": "CVE-2026-20240",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-20240"
        },
        {
          "name": "CVE-2023-49083",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-49083"
        },
        {
          "name": "CVE-2017-15095",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-15095"
        },
        {
          "name": "CVE-2019-14540",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-14540"
        },
        {
          "name": "CVE-2024-36114",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-36114"
        },
        {
          "name": "CVE-2019-12086",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-12086"
        },
        {
          "name": "CVE-2018-14721",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-14721"
        },
        {
          "name": "CVE-2025-48924",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
        },
        {
          "name": "CVE-2026-33810",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33810"
        },
        {
          "name": "CVE-2025-66566",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-66566"
        },
        {
          "name": "CVE-2025-11187",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-11187"
        },
        {
          "name": "CVE-2017-7656",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-7656"
        },
        {
          "name": "CVE-2026-27026",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27026"
        },
        {
          "name": "CVE-2026-2673",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-2673"
        },
        {
          "name": "CVE-2018-20225",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-20225"
        },
        {
          "name": "CVE-2026-32282",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-32282"
        },
        {
          "name": "CVE-2018-11307",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-11307"
        },
        {
          "name": "CVE-2024-3651",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
        },
        {
          "name": "CVE-2025-68121",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
        },
        {
          "name": "CVE-2024-12088",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-12088"
        },
        {
          "name": "CVE-2025-14819",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-14819"
        },
        {
          "name": "CVE-2022-42003",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
        },
        {
          "name": "CVE-2020-25649",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-25649"
        },
        {
          "name": "CVE-2026-27141",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27141"
        },
        {
          "name": "CVE-2023-2976",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
        },
        {
          "name": "CVE-2025-61726",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
        },
        {
          "name": "CVE-2017-17485",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-17485"
        },
        {
          "name": "CVE-2026-1584",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-1584"
        },
        {
          "name": "CVE-2026-20238",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-20238"
        },
        {
          "name": "CVE-2024-23829",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-23829"
        },
        {
          "name": "CVE-2025-59464",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-59464"
        },
        {
          "name": "CVE-2025-30153",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-30153"
        },
        {
          "name": "CVE-2026-32141",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-32141"
        },
        {
          "name": "CVE-2019-14379",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-14379"
        },
        {
          "name": "CVE-2025-69229",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-69229"
        },
        {
          "name": "CVE-2021-35515",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-35515"
        },
        {
          "name": "CVE-2026-3545",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-3545"
        },
        {
          "name": "CVE-2025-30204",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-30204"
        },
        {
          "name": "CVE-2026-28804",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28804"
        },
        {
          "name": "CVE-2026-34477",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-34477"
        },
        {
          "name": "CVE-2025-53057",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
        },
        {
          "name": "CVE-2022-3171",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
        },
        {
          "name": "CVE-2026-2649",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-2649"
        },
        {
          "name": "CVE-2024-39689",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-39689"
        },
        {
          "name": "CVE-2025-37731",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-37731"
        },
        {
          "name": "CVE-2026-24688",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24688"
        },
        {
          "name": "CVE-2026-32776",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-32776"
        },
        {
          "name": "CVE-2025-12183",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-12183"
        },
        {
          "name": "CVE-2019-16869",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-16869"
        },
        {
          "name": "CVE-2025-68119",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68119"
        },
        {
          "name": "CVE-2025-7338",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-7338"
        },
        {
          "name": "CVE-2022-23491",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-23491"
        },
        {
          "name": "CVE-2025-53066",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
        },
        {
          "name": "CVE-2026-22691",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22691"
        },
        {
          "name": "CVE-2026-27628",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27628"
        },
        {
          "name": "CVE-2025-69420",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-69420"
        },
        {
          "name": "CVE-2025-47273",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-47273"
        },
        {
          "name": "CVE-2026-1225",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-1225"
        },
        {
          "name": "CVE-2020-14060",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-14060"
        },
        {
          "name": "CVE-2026-31790",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31790"
        },
        {
          "name": "CVE-2020-36188",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-36188"
        },
        {
          "name": "CVE-2025-61729",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
        },
        {
          "name": "CVE-2024-6345",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
        },
        {
          "name": "CVE-2025-14831",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-14831"
        },
        {
          "name": "CVE-2024-23334",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-23334"
        },
        {
          "name": "CVE-2019-14892",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-14892"
        },
        {
          "name": "CVE-2026-21710",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-21710"
        },
        {
          "name": "CVE-2025-66418",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
        },
        {
          "name": "CVE-2019-20445",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-20445"
        },
        {
          "name": "CVE-2025-11226",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-11226"
        },
        {
          "name": "CVE-2020-14062",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-14062"
        }
      ],
      "initial_release_date": "2026-05-21T00:00:00",
      "last_revision_date": "2026-05-21T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0627",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-05-21T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Splunk. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Splunk",
      "vendor_advisories": [
        {
          "published_at": "2026-05-20",
          "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0512",
          "url": "https://advisory.splunk.com/advisories/SVD-2026-0512"
        },
        {
          "published_at": "2026-05-20",
          "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0513",
          "url": "https://advisory.splunk.com/advisories/SVD-2026-0513"
        },
        {
          "published_at": "2026-05-20",
          "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0509",
          "url": "https://advisory.splunk.com/advisories/SVD-2026-0509"
        },
        {
          "published_at": "2026-05-20",
          "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0510",
          "url": "https://advisory.splunk.com/advisories/SVD-2026-0510"
        },
        {
          "published_at": "2026-05-20",
          "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0505",
          "url": "https://advisory.splunk.com/advisories/SVD-2026-0505"
        },
        {
          "published_at": "2026-05-20",
          "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0515",
          "url": "https://advisory.splunk.com/advisories/SVD-2026-0515"
        },
        {
          "published_at": "2026-05-20",
          "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0507",
          "url": "https://advisory.splunk.com/advisories/SVD-2026-0507"
        },
        {
          "published_at": "2026-05-20",
          "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0506",
          "url": "https://advisory.splunk.com/advisories/SVD-2026-0506"
        },
        {
          "published_at": "2026-05-20",
          "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0508",
          "url": "https://advisory.splunk.com/advisories/SVD-2026-0508"
        },
        {
          "published_at": "2026-05-20",
          "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0504",
          "url": "https://advisory.splunk.com/advisories/SVD-2026-0504"
        },
        {
          "published_at": "2026-05-20",
          "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0514",
          "url": "https://advisory.splunk.com/advisories/SVD-2026-0514"
        },
        {
          "published_at": "2026-05-20",
          "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0516",
          "url": "https://advisory.splunk.com/advisories/SVD-2026-0516"
        },
        {
          "published_at": "2026-05-13",
          "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0501",
          "url": "https://advisory.splunk.com/advisories/SVD-2026-0501"
        },
        {
          "published_at": "2026-05-20",
          "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0503",
          "url": "https://advisory.splunk.com/advisories/SVD-2026-0503"
        },
        {
          "published_at": "2026-05-20",
          "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0511",
          "url": "https://advisory.splunk.com/advisories/SVD-2026-0511"
        },
        {
          "published_at": "2026-05-20",
          "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0502",
          "url": "https://advisory.splunk.com/advisories/SVD-2026-0502"
        }
      ]
    }

    CVE-2026-20266 (GCVE-0-2026-20266)

    Vulnerability from nvd – Published: 2026-06-17 17:07 – Updated: 2026-06-17 18:04
    VLAI
    Title
    OS Command Injection in the btool Configuration Helper in Splunk AI Toolkit
    Summary
    In Splunk AI Toolkit versions below 5.7.4, a user who holds the "admin" Splunk role could execute arbitrary OS commands on the host running the Splunk Enterprise instance. The vulnerability is possible because of an unsafe shell execution pattern in the btool configuration helper, which constructs OS command strings from dynamic parameters without disabling shell interpretation.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Splunk Splunk AI Toolkit Affected: 5.7 , < 5.7.4 (custom)
    Create a notification for this product.
    Date Public
    2026-06-17 00:00
    Credits
    Gabriel Nitu, Splunk
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20266",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-17T18:03:52.980872Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-78",
                    "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-17T18:04:08.968Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Splunk AI Toolkit",
              "vendor": "Splunk",
              "versions": [
                {
                  "lessThan": "5.7.4",
                  "status": "affected",
                  "version": "5.7",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Gabriel Nitu, Splunk"
            }
          ],
          "datePublic": "2026-06-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In Splunk AI Toolkit versions below 5.7.4, a user who holds the \"admin\" Splunk role could execute arbitrary OS commands on the host running the Splunk Enterprise instance.  \n\nThe vulnerability is possible because of an unsafe shell execution pattern in the btool configuration helper, which constructs OS command strings from dynamic parameters without disabling shell interpretation."
                }
              ],
              "value": "In Splunk AI Toolkit versions below 5.7.4, a user who holds the \"admin\" Splunk role could execute arbitrary OS commands on the host running the Splunk Enterprise instance.  \n\nThe vulnerability is possible because of an unsafe shell execution pattern in the btool configuration helper, which constructs OS command strings from dynamic parameters without disabling shell interpretation."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-17T17:07:24.598Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "url": "https://advisory.splunk.com/advisories/SVD-2026-0614"
            }
          ],
          "source": {
            "advisory": "SVD-2026-0614"
          },
          "title": "OS Command Injection in the btool Configuration Helper in Splunk AI Toolkit"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2026-20266",
        "datePublished": "2026-06-17T17:07:24.598Z",
        "dateReserved": "2025-10-08T11:59:15.402Z",
        "dateUpdated": "2026-06-17T18:04:08.968Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20265 (GCVE-0-2026-20265)

    Vulnerability from nvd – Published: 2026-06-17 17:07 – Updated: 2026-06-17 18:04
    VLAI
    Title
    Insecure Default Domain Allowlist in Splunk AI Toolkit
    Summary
    In Splunk AI Toolkit versions below 5.7.4, a low-privileged user that does not hold the "admin" or "power" Splunk roles could cause the Splunk AI Toolkit to make outbound requests over HTTP to a server that an attacker controls, which could allow for data exfiltration. The vulnerability exists because of an insecure default domain allowlist in the Splunk AI Toolkit, which does not restrict outbound AI agent requests to approved external domains.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1188 - The software initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.
    Assigner
    Impacted products
    Vendor Product Version
    Splunk Splunk AI Toolkit Affected: 5.7 , < 5.7.4 (custom)
    Create a notification for this product.
    Date Public
    2026-06-17 00:00
    Credits
    Gabriel Nitu, Splunk
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20265",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-17T18:04:24.981105Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-17T18:04:30.312Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Splunk AI Toolkit",
              "vendor": "Splunk",
              "versions": [
                {
                  "lessThan": "5.7.4",
                  "status": "affected",
                  "version": "5.7",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Gabriel Nitu, Splunk"
            }
          ],
          "datePublic": "2026-06-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In Splunk AI Toolkit versions below 5.7.4, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could cause the Splunk AI Toolkit to make outbound requests over HTTP to a server that an attacker controls, which could allow for data exfiltration.  \n\nThe vulnerability exists because of an insecure default domain allowlist in the Splunk AI Toolkit, which does not restrict outbound AI agent  requests to approved external domains."
                }
              ],
              "value": "In Splunk AI Toolkit versions below 5.7.4, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could cause the Splunk AI Toolkit to make outbound requests over HTTP to a server that an attacker controls, which could allow for data exfiltration.  \n\nThe vulnerability exists because of an insecure default domain allowlist in the Splunk AI Toolkit, which does not restrict outbound AI agent  requests to approved external domains."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1188",
                  "description": "The software initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-17T17:07:19.943Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "url": "https://advisory.splunk.com/advisories/SVD-2026-0613"
            }
          ],
          "source": {
            "advisory": "SVD-2026-0613"
          },
          "title": "Insecure Default Domain Allowlist in Splunk AI Toolkit"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2026-20265",
        "datePublished": "2026-06-17T17:07:19.943Z",
        "dateReserved": "2025-10-08T11:59:15.402Z",
        "dateUpdated": "2026-06-17T18:04:30.312Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20260 (GCVE-0-2026-20260)

    Vulnerability from nvd – Published: 2026-06-10 17:16 – Updated: 2026-06-10 18:23
    VLAI
    Title
    Log Injection through HTTP Request Paths in Splunk SOAR
    Summary
    In Splunk SOAR (Security Orchestration, Automation, and Response) versions below 8.5.0, an unauthenticated attacker could inject American National Standards Institute (ANSI) escape codes into SOAR application log files through specially crafted HTTP request paths, which a terminal emulator might interpret when an administrator views the logs.<br><br>The injection is possible because SOAR does not strip control characters from HTTP request paths before writing them to application logs.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-117 - The software does not neutralize or incorrectly neutralizes output that is written to logs.
    Assigner
    Impacted products
    Vendor Product Version
    Splunk Splunk SOAR Affected: 8.5 , < 8.5.0 (custom)
    Create a notification for this product.
    Date Public
    2026-06-10 00:00
    Credits
    STÖK / Fredrik Alexandersson
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20260",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-10T18:23:06.757464Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-10T18:23:13.215Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Splunk SOAR",
              "vendor": "Splunk",
              "versions": [
                {
                  "lessThan": "8.5.0",
                  "status": "affected",
                  "version": "8.5",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "ST\u00d6K / Fredrik Alexandersson"
            }
          ],
          "datePublic": "2026-06-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In Splunk SOAR (Security Orchestration, Automation, and Response) versions below 8.5.0, an unauthenticated attacker could inject American National Standards Institute (ANSI) escape codes into SOAR application log files through specially crafted HTTP request paths, which a terminal emulator might interpret when an administrator views the logs.\u003cbr\u003e\u003cbr\u003eThe injection is possible because SOAR does not strip control characters from HTTP request paths before writing them to application logs."
                }
              ],
              "value": "In Splunk SOAR (Security Orchestration, Automation, and Response) versions below 8.5.0, an unauthenticated attacker could inject American National Standards Institute (ANSI) escape codes into SOAR application log files through specially crafted HTTP request paths, which a terminal emulator might interpret when an administrator views the logs.\u003cbr\u003e\u003cbr\u003eThe injection is possible because SOAR does not strip control characters from HTTP request paths before writing them to application logs."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-117",
                  "description": "The software does not neutralize or incorrectly neutralizes output that is written to logs.",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-10T17:16:20.653Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "url": "https://advisory.splunk.com/advisories/SVD-2026-0611"
            }
          ],
          "source": {
            "advisory": "SVD-2026-0611"
          },
          "title": "Log Injection through HTTP Request Paths in Splunk SOAR"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2026-20260",
        "datePublished": "2026-06-10T17:16:20.653Z",
        "dateReserved": "2025-10-08T11:59:15.402Z",
        "dateUpdated": "2026-06-10T18:23:13.215Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20259 (GCVE-0-2026-20259)

    Vulnerability from nvd – Published: 2026-06-10 17:16 – Updated: 2026-06-10 18:24
    VLAI
    Title
    Improper Access Control in Splunk Enterprise
    Summary
    In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.0, 10.3.2512.12, 10.2.2510.15, 10.1.2507.23, 10.0.2503.14, and 9.3.2411.131, a user who holds a Splunk role that contains the high-privilege capability `edit_saved_search_owner` could reassign saved search ownership to users outside their authorized scope. The ownership reassignment endpoint lacks access control.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
    Assigner
    Impacted products
    Vendor Product Version
    Splunk Splunk Enterprise Affected: 10.2 , < 10.2.4 (custom)
    Affected: 10.0 , < 10.0.7 (custom)
    Create a notification for this product.
    Splunk Splunk Cloud Platform Affected: 10.3.2512 , < 10.3.2512.12 (custom)
    Affected: 10.2.2510 , < 10.2.2510.15 (custom)
    Affected: 10.1.2507 , < 10.1.2507.23 (custom)
    Affected: 10.0.2503 , < 10.0.2503.14 (custom)
    Affected: 9.3.2411 , < 9.3.2411.131 (custom)
    Create a notification for this product.
    Date Public
    2026-06-10 00:00
    Credits
    Andres Perez, Splunk
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20259",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-10T18:24:17.180120Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-10T18:24:37.870Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Splunk Enterprise",
              "vendor": "Splunk",
              "versions": [
                {
                  "lessThan": "10.2.4",
                  "status": "affected",
                  "version": "10.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.0.7",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Splunk Cloud Platform",
              "vendor": "Splunk",
              "versions": [
                {
                  "lessThan": "10.3.2512.12",
                  "status": "affected",
                  "version": "10.3.2512",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.2.2510.15",
                  "status": "affected",
                  "version": "10.2.2510",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.1.2507.23",
                  "status": "affected",
                  "version": "10.1.2507",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.0.2503.14",
                  "status": "affected",
                  "version": "10.0.2503",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.3.2411.131",
                  "status": "affected",
                  "version": "9.3.2411",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Andres Perez, Splunk"
            }
          ],
          "datePublic": "2026-06-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.0, 10.3.2512.12, 10.2.2510.15, 10.1.2507.23, 10.0.2503.14, and 9.3.2411.131, a user who holds a Splunk role that contains the high-privilege capability `edit_saved_search_owner` could reassign saved search ownership to users outside their authorized scope. The ownership reassignment endpoint lacks access control."
                }
              ],
              "value": "In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.0, 10.3.2512.12, 10.2.2510.15, 10.1.2507.23, 10.0.2503.14, and 9.3.2411.131, a user who holds a Splunk role that contains the high-privilege capability `edit_saved_search_owner` could reassign saved search ownership to users outside their authorized scope. The ownership reassignment endpoint lacks access control."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-10T17:16:02.256Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "url": "https://advisory.splunk.com/advisories/SVD-2026-0609"
            }
          ],
          "source": {
            "advisory": "SVD-2026-0609"
          },
          "title": "Improper Access Control in Splunk Enterprise"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2026-20259",
        "datePublished": "2026-06-10T17:16:02.256Z",
        "dateReserved": "2025-10-08T11:59:15.401Z",
        "dateUpdated": "2026-06-10T18:24:37.870Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20258 (GCVE-0-2026-20258)

    Vulnerability from nvd – Published: 2026-06-10 17:16 – Updated: 2026-06-10 18:22
    VLAI
    Title
    Stored Cross-Site Scripting (XSS) through Classic Dashboard in Splunk Enterprise
    Summary
    In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.11, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the "admin" or "power" Splunk roles could store a malicious script in a classic dashboard HTML panel, causing unauthorized JavaScript code to execute in the browser of another user. The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The low-privileged user should not be able to exploit the vulnerability at will.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
    Assigner
    Impacted products
    Vendor Product Version
    Splunk Splunk Enterprise Affected: 10.2 , < 10.2.4 (custom)
    Affected: 10.0 , < 10.0.7 (custom)
    Affected: 9.4 , < 9.4.12 (custom)
    Affected: 9.3 , < 9.3.13 (custom)
    Create a notification for this product.
    Splunk Splunk Cloud Platform Affected: 10.3.2512 , < 10.3.2512.11 (custom)
    Affected: 10.2.2510 , < 10.2.2510.15 (custom)
    Affected: 10.1.2507 , < 10.1.2507.23 (custom)
    Affected: 9.3.2411 , < 9.3.2411.132 (custom)
    Create a notification for this product.
    Date Public
    2026-06-10 00:00
    Credits
    Tony Tong
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20258",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-10T18:22:19.768336Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-10T18:22:27.505Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Splunk Enterprise",
              "vendor": "Splunk",
              "versions": [
                {
                  "lessThan": "10.2.4",
                  "status": "affected",
                  "version": "10.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.0.7",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.4.12",
                  "status": "affected",
                  "version": "9.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.3.13",
                  "status": "affected",
                  "version": "9.3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Splunk Cloud Platform",
              "vendor": "Splunk",
              "versions": [
                {
                  "lessThan": "10.3.2512.11",
                  "status": "affected",
                  "version": "10.3.2512",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.2.2510.15",
                  "status": "affected",
                  "version": "10.2.2510",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.1.2507.23",
                  "status": "affected",
                  "version": "10.1.2507",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.3.2411.132",
                  "status": "affected",
                  "version": "9.3.2411",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Tony Tong"
            }
          ],
          "datePublic": "2026-06-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.11, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could store a malicious script in a classic dashboard HTML panel, causing unauthorized JavaScript code to execute in the browser of another user.  \n\nThe vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The low-privileged user should not be able to exploit the vulnerability at will."
                }
              ],
              "value": "In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.11, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could store a malicious script in a classic dashboard HTML panel, causing unauthorized JavaScript code to execute in the browser of another user.  \n\nThe vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The low-privileged user should not be able to exploit the vulnerability at will."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-10T17:16:23.870Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "url": "https://advisory.splunk.com/advisories/SVD-2026-0608"
            }
          ],
          "source": {
            "advisory": "SVD-2026-0608"
          },
          "title": "Stored Cross-Site Scripting (XSS) through Classic Dashboard in Splunk Enterprise"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2026-20258",
        "datePublished": "2026-06-10T17:16:23.870Z",
        "dateReserved": "2025-10-08T11:59:15.401Z",
        "dateUpdated": "2026-06-10T18:22:27.505Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20257 (GCVE-0-2026-20257)

    Vulnerability from nvd – Published: 2026-06-10 17:16 – Updated: 2026-06-10 18:24
    VLAI
    Title
    Improper Input Validation through Classic Dashboard CSS in Splunk Enterprise
    Summary
    In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a classic dashboard that exfiltrates sensitive data from the browser of a higher-privileged user who views it. The exfiltration is possible because classic dashboard panels do not fully validate style attribute values, which can allow for requests to reach external domains outside the configured Trusted Domains List. The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The low-privileged user should not be able to exploit the vulnerability at will.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.
    Assigner
    Impacted products
    Vendor Product Version
    Splunk Splunk Enterprise Affected: 10.2 , < 10.2.4 (custom)
    Affected: 10.0 , < 10.0.7 (custom)
    Affected: 9.4 , < 9.4.12 (custom)
    Affected: 9.3 , < 9.3.13 (custom)
    Create a notification for this product.
    Splunk Splunk Cloud Platform Affected: 10.3.2512 , < 10.3.2512.13 (custom)
    Affected: 10.2.2510 , < 10.2.2510.15 (custom)
    Affected: 10.1.2507 , < 10.1.2507.23 (custom)
    Affected: 9.3.2411 , < 9.3.2411.132 (custom)
    Create a notification for this product.
    Date Public
    2026-06-10 00:00
    Credits
    Tony Tong (tongster)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20257",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-10T18:23:55.427272Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-10T18:24:02.482Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Splunk Enterprise",
              "vendor": "Splunk",
              "versions": [
                {
                  "lessThan": "10.2.4",
                  "status": "affected",
                  "version": "10.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.0.7",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.4.12",
                  "status": "affected",
                  "version": "9.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.3.13",
                  "status": "affected",
                  "version": "9.3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Splunk Cloud Platform",
              "vendor": "Splunk",
              "versions": [
                {
                  "lessThan": "10.3.2512.13",
                  "status": "affected",
                  "version": "10.3.2512",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.2.2510.15",
                  "status": "affected",
                  "version": "10.2.2510",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.1.2507.23",
                  "status": "affected",
                  "version": "10.1.2507",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.3.2411.132",
                  "status": "affected",
                  "version": "9.3.2411",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Tony Tong (tongster)"
            }
          ],
          "datePublic": "2026-06-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could craft a classic dashboard that exfiltrates sensitive data from the browser of a higher-privileged user who views it.  \n\nThe exfiltration is possible because classic dashboard panels do not fully validate style attribute values, which can allow for requests to reach external domains outside the configured Trusted Domains List.  \n\nThe vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The low-privileged user should not be able to exploit the vulnerability at will."
                }
              ],
              "value": "In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could craft a classic dashboard that exfiltrates sensitive data from the browser of a higher-privileged user who views it.  \n\nThe exfiltration is possible because classic dashboard panels do not fully validate style attribute values, which can allow for requests to reach external domains outside the configured Trusted Domains List.  \n\nThe vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The low-privileged user should not be able to exploit the vulnerability at will."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-10T17:16:03.885Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "url": "https://advisory.splunk.com/advisories/SVD-2026-0607"
            }
          ],
          "source": {
            "advisory": "SVD-2026-0607"
          },
          "title": "Improper Input Validation through Classic Dashboard CSS in Splunk Enterprise"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2026-20257",
        "datePublished": "2026-06-10T17:16:03.885Z",
        "dateReserved": "2025-10-08T11:59:15.401Z",
        "dateUpdated": "2026-06-10T18:24:02.482Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20256 (GCVE-0-2026-20256)

    Vulnerability from nvd – Published: 2026-06-10 17:15 – Updated: 2026-06-10 18:19
    VLAI
    Title
    Improper Input Validation through Protocol-Relative URL in Classic Dashboards in Splunk Enterprise
    Summary
    In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could cause data exfiltration through classic dashboards by redirecting a victim to an external site using a protocol-relative URL in a drill-down link.<br><br>The vulnerability exists because the URL classifier in classic dashboards only recognizes `http://` and `https://` schemes when checking for external URLs. Protocol-relative URLs such as `//attacker.com` bypass this check entirely, and Splunk Web does not show the external-navigation warning dialog to the victim.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.
    Assigner
    Impacted products
    Vendor Product Version
    Splunk Splunk Enterprise Affected: 10.2 , < 10.2.4 (custom)
    Affected: 10.0 , < 10.0.7 (custom)
    Affected: 9.4 , < 9.4.12 (custom)
    Affected: 9.3 , < 9.3.13 (custom)
    Create a notification for this product.
    Splunk Splunk Cloud Platform Affected: 10.3.2512 , < 10.3.2512.13 (custom)
    Affected: 10.2.2510 , < 10.2.2510.15 (custom)
    Affected: 10.1.2507 , < 10.1.2507.23 (custom)
    Affected: 9.3.2411 , < 9.3.2411.132 (custom)
    Create a notification for this product.
    Date Public
    2026-06-10 00:00
    Credits
    Tony Tong (tongster)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20256",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-10T18:18:59.939227Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-10T18:19:26.044Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Splunk Enterprise",
              "vendor": "Splunk",
              "versions": [
                {
                  "lessThan": "10.2.4",
                  "status": "affected",
                  "version": "10.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.0.7",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.4.12",
                  "status": "affected",
                  "version": "9.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.3.13",
                  "status": "affected",
                  "version": "9.3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Splunk Cloud Platform",
              "vendor": "Splunk",
              "versions": [
                {
                  "lessThan": "10.3.2512.13",
                  "status": "affected",
                  "version": "10.3.2512",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.2.2510.15",
                  "status": "affected",
                  "version": "10.2.2510",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.1.2507.23",
                  "status": "affected",
                  "version": "10.1.2507",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.3.2411.132",
                  "status": "affected",
                  "version": "9.3.2411",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Tony Tong (tongster)"
            }
          ],
          "datePublic": "2026-06-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the \u0027admin\u0027 or \u0027power\u0027 Splunk roles could cause data exfiltration through classic dashboards by redirecting a victim to an external site using a protocol-relative URL in a drill-down link.\u003cbr\u003e\u003cbr\u003eThe vulnerability exists because the URL classifier in classic dashboards only recognizes `http://` and `https://` schemes when checking for external URLs. Protocol-relative URLs such as `//attacker.com` bypass this check entirely, and Splunk Web does not show the external-navigation warning dialog to the victim."
                }
              ],
              "value": "In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the \u0027admin\u0027 or \u0027power\u0027 Splunk roles could cause data exfiltration through classic dashboards by redirecting a victim to an external site using a protocol-relative URL in a drill-down link.\u003cbr\u003e\u003cbr\u003eThe vulnerability exists because the URL classifier in classic dashboards only recognizes `http://` and `https://` schemes when checking for external URLs. Protocol-relative URLs such as `//attacker.com` bypass this check entirely, and Splunk Web does not show the external-navigation warning dialog to the victim."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-10T17:15:55.966Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "url": "https://advisory.splunk.com/advisories/SVD-2026-0606"
            }
          ],
          "source": {
            "advisory": "SVD-2026-0606"
          },
          "title": "Improper Input Validation through Protocol-Relative URL in Classic Dashboards in Splunk Enterprise"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2026-20256",
        "datePublished": "2026-06-10T17:15:55.966Z",
        "dateReserved": "2025-10-08T11:59:15.401Z",
        "dateUpdated": "2026-06-10T18:19:26.044Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20255 (GCVE-0-2026-20255)

    Vulnerability from nvd – Published: 2026-06-10 17:16 – Updated: 2026-06-10 18:25
    VLAI
    Title
    Improper Input Validation through Classic Dashboards in Splunk Enterprise
    Summary
    In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious classic dashboard that exfiltrates sensitive data to an external server. The vulnerability exists because URL validation on the external content dialog is incomplete, which can allow for requests to untrusted domains when a user interacts with a crafted dashboard.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.
    Assigner
    Impacted products
    Vendor Product Version
    Splunk Splunk Enterprise Affected: 10.2 , < 10.2.4 (custom)
    Affected: 10.0 , < 10.0.7 (custom)
    Affected: 9.4 , < 9.4.12 (custom)
    Affected: 9.3 , < 9.3.13 (custom)
    Create a notification for this product.
    Splunk Splunk Cloud Platform Affected: 10.3.2512 , < 10.3.2512.13 (custom)
    Affected: 10.2.2510 , < 10.2.2510.15 (custom)
    Affected: 10.1.2507 , < 10.1.2507.23 (custom)
    Affected: 9.3.2411 , < 9.3.2411.132 (custom)
    Create a notification for this product.
    Date Public
    2026-06-10 00:00
    Credits
    Tony Tong (tongster)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20255",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-10T18:25:06.072954Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-10T18:25:12.492Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Splunk Enterprise",
              "vendor": "Splunk",
              "versions": [
                {
                  "lessThan": "10.2.4",
                  "status": "affected",
                  "version": "10.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.0.7",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.4.12",
                  "status": "affected",
                  "version": "9.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.3.13",
                  "status": "affected",
                  "version": "9.3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Splunk Cloud Platform",
              "vendor": "Splunk",
              "versions": [
                {
                  "lessThan": "10.3.2512.13",
                  "status": "affected",
                  "version": "10.3.2512",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.2.2510.15",
                  "status": "affected",
                  "version": "10.2.2510",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.1.2507.23",
                  "status": "affected",
                  "version": "10.1.2507",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.3.2411.132",
                  "status": "affected",
                  "version": "9.3.2411",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Tony Tong (tongster)"
            }
          ],
          "datePublic": "2026-06-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could craft a malicious classic dashboard that exfiltrates sensitive data to an external server.  \n\nThe vulnerability exists because URL validation on the external content dialog is incomplete, which can allow for requests to untrusted domains when a user interacts with a crafted dashboard."
                }
              ],
              "value": "In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could craft a malicious classic dashboard that exfiltrates sensitive data to an external server.  \n\nThe vulnerability exists because URL validation on the external content dialog is incomplete, which can allow for requests to untrusted domains when a user interacts with a crafted dashboard."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-10T17:16:00.962Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "url": "https://advisory.splunk.com/advisories/SVD-2026-0605"
            }
          ],
          "source": {
            "advisory": "SVD-2026-0605"
          },
          "title": "Improper Input Validation through Classic Dashboards in Splunk Enterprise"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2026-20255",
        "datePublished": "2026-06-10T17:16:00.962Z",
        "dateReserved": "2025-10-08T11:59:15.401Z",
        "dateUpdated": "2026-06-10T18:25:12.492Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20254 (GCVE-0-2026-20254)

    Vulnerability from nvd – Published: 2026-06-10 17:15 – Updated: 2026-06-10 18:27
    VLAI
    Title
    Information Disclosure through External Content Restriction Bypass in Splunk Enterprise
    Summary
    In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could craft a malicious classic dashboard that exfiltrates sensitive data to an external server when a higher-privileged user views it, bypassing the external content restriction through a Cascading Style Sheets (CSS) injection.<br><br>The Trusted Domains security check does not fully validate inline style attribute values, which can allow for outbound requests to untrusted domains and credential exfiltration when a victim views a crafted dashboard.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.
    Assigner
    Impacted products
    Vendor Product Version
    Splunk Splunk Enterprise Affected: 10.2 , < 10.2.4 (custom)
    Affected: 10.0 , < 10.0.7 (custom)
    Affected: 9.4 , < 9.4.12 (custom)
    Affected: 9.3 , < 9.3.13 (custom)
    Create a notification for this product.
    Splunk Splunk Cloud Platform Affected: 10.3.2512 , < 10.3.2512.13 (custom)
    Affected: 10.2.2510 , < 10.2.2510.15 (custom)
    Affected: 10.1.2507 , < 10.1.2507.23 (custom)
    Affected: 9.3.2411 , < 9.3.2411.132 (custom)
    Create a notification for this product.
    Date Public
    2026-06-10 00:00
    Credits
    Fredrik Alexandersson (stok)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20254",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-10T18:26:45.451095Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-10T18:27:01.123Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Splunk Enterprise",
              "vendor": "Splunk",
              "versions": [
                {
                  "lessThan": "10.2.4",
                  "status": "affected",
                  "version": "10.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.0.7",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.4.12",
                  "status": "affected",
                  "version": "9.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.3.13",
                  "status": "affected",
                  "version": "9.3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Splunk Cloud Platform",
              "vendor": "Splunk",
              "versions": [
                {
                  "lessThan": "10.3.2512.13",
                  "status": "affected",
                  "version": "10.3.2512",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.2.2510.15",
                  "status": "affected",
                  "version": "10.2.2510",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.1.2507.23",
                  "status": "affected",
                  "version": "10.1.2507",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.3.2411.132",
                  "status": "affected",
                  "version": "9.3.2411",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Fredrik Alexandersson (stok)"
            }
          ],
          "datePublic": "2026-06-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the \u0027admin\u0027 or \u0027power\u0027 Splunk roles could craft a malicious classic dashboard that exfiltrates sensitive data to an external server when a higher-privileged user views it, bypassing the external content restriction through a Cascading Style Sheets (CSS) injection.\u003cbr\u003e\u003cbr\u003eThe Trusted Domains security check does not fully validate inline style attribute values, which can allow for outbound requests to untrusted domains and credential exfiltration when a victim views a crafted dashboard."
                }
              ],
              "value": "In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the \u0027admin\u0027 or \u0027power\u0027 Splunk roles could craft a malicious classic dashboard that exfiltrates sensitive data to an external server when a higher-privileged user views it, bypassing the external content restriction through a Cascading Style Sheets (CSS) injection.\u003cbr\u003e\u003cbr\u003eThe Trusted Domains security check does not fully validate inline style attribute values, which can allow for outbound requests to untrusted domains and credential exfiltration when a victim views a crafted dashboard."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-10T17:15:59.452Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "url": "https://advisory.splunk.com/advisories/SVD-2026-0604"
            }
          ],
          "source": {
            "advisory": "SVD-2026-0604"
          },
          "title": "Information Disclosure through External Content Restriction Bypass in Splunk Enterprise"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2026-20254",
        "datePublished": "2026-06-10T17:15:59.452Z",
        "dateReserved": "2025-10-08T11:59:15.401Z",
        "dateUpdated": "2026-06-10T18:27:01.123Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20253 (GCVE-0-2026-20253)

    Vulnerability from nvd – Published: 2026-06-10 17:16 – Updated: 2026-06-19 03:55
    VLAI CISA KEVIntel
    Title
    Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk Enterprise
    Summary
    In Splunk Enterprise 10.2 versions below 10.2.4 and 10 versions below 10.0.7, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls, allowing any network-reachable user to invoke file operations without credentials. Splunk Enterprise versions 9.4 and earlier are not affected. If you cannot immediately upgrade to a fixed version, you can mitigate this vulnerability by disabling the PostgreSQL sidecar service.
    SSVC
    Exploitation: active Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
    Assigner
    Impacted products
    Vendor Product Version
    Splunk Splunk Enterprise Affected: 10.2 , < 10.2.4 (custom)
    Affected: 10.0 , < 10.0.7 (custom)
    Create a notification for this product.
    Date Public
    2026-06-10 00:00
    Credits
    Alex Hordijk (hordalex)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20253",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-10T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2026-06-18",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20253"
                  },
                  "type": "kev"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-19T03:55:19.206Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://labs.watchtowr.com/why-use-app-level-auth-when-every-database-has-auth-splunk-enterprise-cve-2026-20253-pre-auth-rce/"
              },
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20253"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-06-18T00:00:00.000Z",
                "value": "CVE-2026-20253 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Splunk Enterprise",
              "vendor": "Splunk",
              "versions": [
                {
                  "lessThan": "10.2.4",
                  "status": "affected",
                  "version": "10.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.0.7",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Alex Hordijk (hordalex)"
            }
          ],
          "datePublic": "2026-06-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In Splunk Enterprise 10.2 versions below 10.2.4 and 10 versions below 10.0.7, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls, allowing any network-reachable user to invoke file operations without credentials. Splunk Enterprise versions 9.4 and earlier are not affected. If you cannot immediately upgrade to a fixed version, you can mitigate this vulnerability by disabling the PostgreSQL sidecar service."
                }
              ],
              "value": "In Splunk Enterprise 10.2 versions below 10.2.4 and 10 versions below 10.0.7, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls, allowing any network-reachable user to invoke file operations without credentials. Splunk Enterprise versions 9.4 and earlier are not affected. If you cannot immediately upgrade to a fixed version, you can mitigate this vulnerability by disabling the PostgreSQL sidecar service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-15T20:33:56.243Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "url": "https://advisory.splunk.com/advisories/SVD-2026-0603"
            }
          ],
          "source": {
            "advisory": "SVD-2026-0603"
          },
          "title": "Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk Enterprise"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2026-20253",
        "datePublished": "2026-06-10T17:16:21.242Z",
        "dateReserved": "2025-10-08T11:59:15.401Z",
        "dateUpdated": "2026-06-19T03:55:19.206Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20252 (GCVE-0-2026-20252)

    Vulnerability from nvd – Published: 2026-06-10 17:16 – Updated: 2026-06-10 18:23
    VLAI
    Title
    Server-Side Request Forgery (SSRF) through Dashboard Studio PDF Export in Splunk Enterprise
    Summary
    In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.4.2604.3, 10.3.2512.12, 10.2.2510.14, 10.1.2507.22, and 9.3.2411.132, a low-privileged user that does not hold the "admin" or "power" Splunk roles could send server-side requests to arbitrary internal destinations through the Dashboard Studio PDF export feature. The vulnerability exists because the trusted-domain validation uses a prefix match that can be bypassed with attacker-controlled subdomains (for example, docs.splunk.com.evil.com), and because the PDF export service follows HTTP redirects automatically without re-validating each redirect target against the allowlist.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
    Assigner
    Impacted products
    Vendor Product Version
    Splunk Splunk Enterprise Affected: 10.2 , < 10.2.4 (custom)
    Affected: 10.0 , < 10.0.7 (custom)
    Affected: 9.4 , < 9.4.12 (custom)
    Affected: 9.3 , < 9.3.13 (custom)
    Create a notification for this product.
    Splunk Splunk Cloud Platform Affected: 10.4.2604 , < 10.4.2604.3 (custom)
    Affected: 10.3.2512 , < 10.3.2512.12 (custom)
    Affected: 10.2.2510 , < 10.2.2510.14 (custom)
    Affected: 10.1.2507 , < 10.1.2507.22 (custom)
    Affected: 9.3.2411 , < 9.3.2411.132 (custom)
    Create a notification for this product.
    Date Public
    2026-06-10 00:00
    Credits
    M Mahdan Argya Syarif (0xbeludan)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20252",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-10T18:23:29.592434Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-10T18:23:36.803Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Splunk Enterprise",
              "vendor": "Splunk",
              "versions": [
                {
                  "lessThan": "10.2.4",
                  "status": "affected",
                  "version": "10.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.0.7",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.4.12",
                  "status": "affected",
                  "version": "9.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.3.13",
                  "status": "affected",
                  "version": "9.3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Splunk Cloud Platform",
              "vendor": "Splunk",
              "versions": [
                {
                  "lessThan": "10.4.2604.3",
                  "status": "affected",
                  "version": "10.4.2604",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.3.2512.12",
                  "status": "affected",
                  "version": "10.3.2512",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.2.2510.14",
                  "status": "affected",
                  "version": "10.2.2510",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.1.2507.22",
                  "status": "affected",
                  "version": "10.1.2507",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.3.2411.132",
                  "status": "affected",
                  "version": "9.3.2411",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "M Mahdan Argya Syarif (0xbeludan)"
            }
          ],
          "datePublic": "2026-06-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.4.2604.3, 10.3.2512.12, 10.2.2510.14, 10.1.2507.22, and 9.3.2411.132, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could send server-side requests to arbitrary internal destinations through the Dashboard Studio PDF export feature.  \n\nThe vulnerability exists because the trusted-domain validation uses a prefix match that can be bypassed with attacker-controlled subdomains (for example, docs.splunk.com.evil.com), and because the PDF export service follows HTTP redirects automatically without re-validating each redirect target against the allowlist."
                }
              ],
              "value": "In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.4.2604.3, 10.3.2512.12, 10.2.2510.14, 10.1.2507.22, and 9.3.2411.132, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could send server-side requests to arbitrary internal destinations through the Dashboard Studio PDF export feature.  \n\nThe vulnerability exists because the trusted-domain validation uses a prefix match that can be bypassed with attacker-controlled subdomains (for example, docs.splunk.com.evil.com), and because the PDF export service follows HTTP redirects automatically without re-validating each redirect target against the allowlist."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-10T17:16:19.518Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "url": "https://advisory.splunk.com/advisories/SVD-2026-0602"
            }
          ],
          "source": {
            "advisory": "SVD-2026-0602"
          },
          "title": "Server-Side Request Forgery (SSRF) through Dashboard Studio PDF Export in Splunk Enterprise"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2026-20252",
        "datePublished": "2026-06-10T17:16:19.518Z",
        "dateReserved": "2025-10-08T11:59:15.401Z",
        "dateUpdated": "2026-06-10T18:23:36.803Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20251 (GCVE-0-2026-20251)

    Vulnerability from nvd – Published: 2026-06-10 17:16 – Updated: 2026-06-11 03:55
    VLAI
    Title
    Remote Code Execution through Deserialization of Untrusted Data in Splunk Secure Gateway
    Summary
    In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, Splunk Cloud Platform versions below 10.3.2512.12, 10.2.2510.14, 10.1.2507.22, and 9.3.2411.132, and Splunk Secure Gateway versions below 3.10.6, 3.9.20, and 3.8.67, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could perform a Remote Code Execution (RCE) through the Splunk Secure Gateway app.<br><br>The Remote Code Execution is possible because of unsafe deserialization of App Key Value Store (KV Store) data through the ‘jsonpickle’ Python library, which reconstructs arbitrary Python objects from specially crafted JavaScript Object Notation (JSON) without adequate validation.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
    Assigner
    Impacted products
    Vendor Product Version
    Splunk Splunk Enterprise Affected: 10.2 , < 10.2.4 (custom)
    Affected: 10.0 , < 10.0.7 (custom)
    Affected: 9.4 , < 9.4.12 (custom)
    Affected: 9.3 , < 9.3.13 (custom)
    Create a notification for this product.
    Splunk Splunk Cloud Platform Affected: 10.3.2512 , < 10.3.2512.12 (custom)
    Affected: 10.2.2510 , < 10.2.2510.14 (custom)
    Affected: 10.1.2507 , < 10.1.2507.22 (custom)
    Affected: 9.3.2411 , < 9.3.2411.132 (custom)
    Create a notification for this product.
    Splunk Splunk Secure Gateway Affected: 3.10 , < 3.10.6 (custom)
    Affected: 3.9 , < 3.9.20 (custom)
    Affected: 3.8 , < 3.8.67 (custom)
    Create a notification for this product.
    Date Public
    2026-06-10 00:00
    Credits
    M Mahdan Argya Syarif (0xbeludan)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20251",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-10T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-11T03:55:39.372Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Splunk Enterprise",
              "vendor": "Splunk",
              "versions": [
                {
                  "lessThan": "10.2.4",
                  "status": "affected",
                  "version": "10.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.0.7",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.4.12",
                  "status": "affected",
                  "version": "9.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.3.13",
                  "status": "affected",
                  "version": "9.3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Splunk Cloud Platform",
              "vendor": "Splunk",
              "versions": [
                {
                  "lessThan": "10.3.2512.12",
                  "status": "affected",
                  "version": "10.3.2512",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.2.2510.14",
                  "status": "affected",
                  "version": "10.2.2510",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.1.2507.22",
                  "status": "affected",
                  "version": "10.1.2507",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.3.2411.132",
                  "status": "affected",
                  "version": "9.3.2411",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Splunk Secure Gateway",
              "vendor": "Splunk",
              "versions": [
                {
                  "lessThan": "3.10.6",
                  "status": "affected",
                  "version": "3.10",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.9.20",
                  "status": "affected",
                  "version": "3.9",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.8.67",
                  "status": "affected",
                  "version": "3.8",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "M Mahdan Argya Syarif (0xbeludan)"
            }
          ],
          "datePublic": "2026-06-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, Splunk Cloud Platform versions below 10.3.2512.12, 10.2.2510.14, 10.1.2507.22, and 9.3.2411.132, and Splunk Secure Gateway versions below 3.10.6, 3.9.20, and 3.8.67, a low-privileged user that does not hold the \u0027admin\u0027 or \u0027power\u0027 Splunk roles could perform a Remote Code Execution (RCE) through the Splunk Secure Gateway app.\u003cbr\u003e\u003cbr\u003eThe Remote Code Execution is possible because of unsafe deserialization of App Key Value Store (KV Store) data through the \u2018jsonpickle\u2019 Python library, which reconstructs arbitrary Python objects from specially crafted JavaScript Object Notation (JSON) without adequate validation."
                }
              ],
              "value": "In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, Splunk Cloud Platform versions below 10.3.2512.12, 10.2.2510.14, 10.1.2507.22, and 9.3.2411.132, and Splunk Secure Gateway versions below 3.10.6, 3.9.20, and 3.8.67, a low-privileged user that does not hold the \u0027admin\u0027 or \u0027power\u0027 Splunk roles could perform a Remote Code Execution (RCE) through the Splunk Secure Gateway app.\u003cbr\u003e\u003cbr\u003eThe Remote Code Execution is possible because of unsafe deserialization of App Key Value Store (KV Store) data through the \u2018jsonpickle\u2019 Python library, which reconstructs arbitrary Python objects from specially crafted JavaScript Object Notation (JSON) without adequate validation."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-10T17:16:00.352Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "url": "https://advisory.splunk.com/advisories/SVD-2026-0601"
            }
          ],
          "source": {
            "advisory": "SVD-2026-0601"
          },
          "title": "Remote Code Execution through Deserialization of Untrusted Data in Splunk Secure Gateway"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2026-20251",
        "datePublished": "2026-06-10T17:16:00.352Z",
        "dateReserved": "2025-10-08T11:59:15.401Z",
        "dateUpdated": "2026-06-11T03:55:39.372Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20240 (GCVE-0-2026-20240)

    Vulnerability from nvd – Published: 2026-05-20 16:32 – Updated: 2026-05-20 17:47
    VLAI
    Title
    Denial of Service through coldToFrozen.sh Script in Splunk Enterprise
    Summary
    In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.11, and 9.3.12, and Splunk Cloud Platform versions below 10.4.2603.1, 10.3.2512.9, 10.2.2510.11, 10.1.2507.21, 10.0.2503.13, and 9.3.2411.129, a low-privileged user that does not hold the ‘admin’ or ‘power’ Splunk roles could cause a Denial of Service by exploiting the `coldToFrozen.sh` script in the `splunk_archiver` app to rename critical Splunk directories, making the instance non-functional.<br><br>The Denial of Service is possible because of missing input validation in the `coldToFrozen.sh` script, which accepts arbitrary file paths and renames them without restricting operations to safe directories.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.
    Assigner
    Impacted products
    Vendor Product Version
    Splunk Splunk Enterprise Affected: 10.2 , < 10.2.2 (custom)
    Affected: 10.0 , < 10.0.5 (custom)
    Affected: 9.4 , < 9.4.11 (custom)
    Affected: 9.3 , < 9.3.12 (custom)
    Create a notification for this product.
    Splunk Splunk Cloud Platform Affected: 10.4.2603 , < 10.4.2603.1 (custom)
    Affected: 10.3.2512 , < 10.3.2512.9 (custom)
    Affected: 10.2.2510 , < 10.2.2510.11 (custom)
    Affected: 10.1.2507 , < 10.1.2507.21 (custom)
    Affected: 10.0.2503 , < 10.0.2503.13 (custom)
    Affected: 9.3.2411 , < 9.3.2411.129 (custom)
    Create a notification for this product.
    Date Public
    2026-05-20 00:00
    Credits
    Alex Hordijk (hordalex)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20240",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-20T17:47:29.920729Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-20T17:47:46.372Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Splunk Enterprise",
              "vendor": "Splunk",
              "versions": [
                {
                  "lessThan": "10.2.2",
                  "status": "affected",
                  "version": "10.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.0.5",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.4.11",
                  "status": "affected",
                  "version": "9.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.3.12",
                  "status": "affected",
                  "version": "9.3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Splunk Cloud Platform",
              "vendor": "Splunk",
              "versions": [
                {
                  "lessThan": "10.4.2603.1",
                  "status": "affected",
                  "version": "10.4.2603",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.3.2512.9",
                  "status": "affected",
                  "version": "10.3.2512",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.2.2510.11",
                  "status": "affected",
                  "version": "10.2.2510",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.1.2507.21",
                  "status": "affected",
                  "version": "10.1.2507",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.0.2503.13",
                  "status": "affected",
                  "version": "10.0.2503",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.3.2411.129",
                  "status": "affected",
                  "version": "9.3.2411",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Alex Hordijk (hordalex)"
            }
          ],
          "datePublic": "2026-05-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.11, and 9.3.12, and Splunk Cloud Platform versions below 10.4.2603.1, 10.3.2512.9, 10.2.2510.11, 10.1.2507.21, 10.0.2503.13, and 9.3.2411.129, a low-privileged user that does not hold the \u2018admin\u2019 or \u2018power\u2019 Splunk roles could cause a Denial of Service by exploiting the `coldToFrozen.sh` script in the `splunk_archiver` app to rename critical Splunk directories, making the instance non-functional.\u003cbr\u003e\u003cbr\u003eThe Denial of Service is possible because of missing input validation in the `coldToFrozen.sh` script, which accepts arbitrary file paths and renames them without restricting operations to safe directories."
                }
              ],
              "value": "In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.11, and 9.3.12, and Splunk Cloud Platform versions below 10.4.2603.1, 10.3.2512.9, 10.2.2510.11, 10.1.2507.21, 10.0.2503.13, and 9.3.2411.129, a low-privileged user that does not hold the \u2018admin\u2019 or \u2018power\u2019 Splunk roles could cause a Denial of Service by exploiting the `coldToFrozen.sh` script in the `splunk_archiver` app to rename critical Splunk directories, making the instance non-functional.\u003cbr\u003e\u003cbr\u003eThe Denial of Service is possible because of missing input validation in the `coldToFrozen.sh` script, which accepts arbitrary file paths and renames them without restricting operations to safe directories."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-20T16:32:05.687Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "url": "https://advisory.splunk.com/advisories/SVD-2026-0504"
            }
          ],
          "source": {
            "advisory": "SVD-2026-0504"
          },
          "title": "Denial of Service through coldToFrozen.sh Script in Splunk Enterprise"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2026-20240",
        "datePublished": "2026-05-20T16:32:05.687Z",
        "dateReserved": "2025-10-08T11:59:15.400Z",
        "dateUpdated": "2026-05-20T17:47:46.372Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20239 (GCVE-0-2026-20239)

    Vulnerability from nvd – Published: 2026-05-20 16:32 – Updated: 2026-05-21 03:55
    VLAI
    Title
    Sensitive Information Disclosure through Log Files in Splunk Enterprise
    Summary
    In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13, a user with a role that has access to the `_internal` index could view session cookies and response bodies that contain sensitive data.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-532 - Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.
    Assigner
    Impacted products
    Vendor Product Version
    Splunk Splunk Enterprise Affected: 10.2 , < 10.2.2 (custom)
    Affected: 10.0 , < 10.0.5 (custom)
    Create a notification for this product.
    Splunk Splunk Cloud Platform Affected: 10.3.2512 , < 10.3.2512.8 (custom)
    Affected: 10.2.2510 , < 10.2.2510.11 (custom)
    Affected: 10.1.2507 , < 10.1.2507.21 (custom)
    Affected: 10.0.2503 , < 10.0.2503.13 (custom)
    Create a notification for this product.
    Date Public
    2026-05-20 00:00
    Credits
    Charlie Huggard, Splunk
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20239",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-20T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-21T03:55:38.324Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Splunk Enterprise",
              "vendor": "Splunk",
              "versions": [
                {
                  "lessThan": "10.2.2",
                  "status": "affected",
                  "version": "10.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.0.5",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Splunk Cloud Platform",
              "vendor": "Splunk",
              "versions": [
                {
                  "lessThan": "10.3.2512.8",
                  "status": "affected",
                  "version": "10.3.2512",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.2.2510.11",
                  "status": "affected",
                  "version": "10.2.2510",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.1.2507.21",
                  "status": "affected",
                  "version": "10.1.2507",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.0.2503.13",
                  "status": "affected",
                  "version": "10.0.2503",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Charlie Huggard, Splunk"
            }
          ],
          "datePublic": "2026-05-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13, a user with a role that has access to the `_internal` index could view session cookies and response bodies that contain sensitive data."
                }
              ],
              "value": "In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13, a user with a role that has access to the `_internal` index could view session cookies and response bodies that contain sensitive data."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-532",
                  "description": "Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-20T16:32:12.678Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "url": "https://advisory.splunk.com/advisories/SVD-2026-0503"
            }
          ],
          "source": {
            "advisory": "SVD-2026-0503"
          },
          "title": "Sensitive Information Disclosure through Log Files in Splunk Enterprise"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2026-20239",
        "datePublished": "2026-05-20T16:32:12.678Z",
        "dateReserved": "2025-10-08T11:59:15.400Z",
        "dateUpdated": "2026-05-21T03:55:38.324Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20238 (GCVE-0-2026-20238)

    Vulnerability from nvd – Published: 2026-05-20 16:32 – Updated: 2026-05-20 17:48
    VLAI
    Title
    Improper Access Control through Role Inheritance in Splunk AI Toolkit app
    Summary
    In Splunk AI Toolkit versions below 5.7.3, a low-privileged user that does not hold the 'admin' or 'power' roles could access confidential data that was restricted through `srchFilter` configurations on custom roles.<br><br>The app contains an `authorize.conf` configuration file with a `srchFilter` entry that modifies the built-in ‘user’ role. Because the Splunk platform combines inherited search filters with the `OR` SPL operator, the injected filter overrides more restrictive filters on child roles.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
    Assigner
    Impacted products
    Vendor Product Version
    Splunk Splunk AI Toolkit Affected: 5.7 , < 5.7.3 (custom)
    Create a notification for this product.
    Date Public
    2026-05-20 00:00
    Credits
    Martin Muller, Splunk
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20238",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-20T17:48:33.784566Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-20T17:48:46.704Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Splunk AI Toolkit",
              "vendor": "Splunk",
              "versions": [
                {
                  "lessThan": "5.7.3",
                  "status": "affected",
                  "version": "5.7",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Martin Muller, Splunk"
            }
          ],
          "datePublic": "2026-05-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In Splunk AI Toolkit versions below 5.7.3, a low-privileged user that does not hold the \u0027admin\u0027 or \u0027power\u0027 roles could access confidential data that was restricted through `srchFilter` configurations on custom roles.\u003cbr\u003e\u003cbr\u003eThe app contains an `authorize.conf` configuration file with a `srchFilter` entry that modifies the built-in \u2018user\u2019 role. Because the Splunk platform combines inherited search filters with the `OR` SPL operator, the injected filter overrides more restrictive filters on child roles."
                }
              ],
              "value": "In Splunk AI Toolkit versions below 5.7.3, a low-privileged user that does not hold the \u0027admin\u0027 or \u0027power\u0027 roles could access confidential data that was restricted through `srchFilter` configurations on custom roles.\u003cbr\u003e\u003cbr\u003eThe app contains an `authorize.conf` configuration file with a `srchFilter` entry that modifies the built-in \u2018user\u2019 role. Because the Splunk platform combines inherited search filters with the `OR` SPL operator, the injected filter overrides more restrictive filters on child roles."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-20T16:32:19.740Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "url": "https://advisory.splunk.com/advisories/SVD-2026-0502"
            }
          ],
          "source": {
            "advisory": "SVD-2026-0502"
          },
          "title": "Improper Access Control through Role Inheritance in Splunk AI Toolkit app"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2026-20238",
        "datePublished": "2026-05-20T16:32:19.740Z",
        "dateReserved": "2025-10-08T11:59:15.400Z",
        "dateUpdated": "2026-05-20T17:48:46.704Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20266 (GCVE-0-2026-20266)

    Vulnerability from cvelistv5 – Published: 2026-06-17 17:07 – Updated: 2026-06-17 18:04
    VLAI
    Title
    OS Command Injection in the btool Configuration Helper in Splunk AI Toolkit
    Summary
    In Splunk AI Toolkit versions below 5.7.4, a user who holds the "admin" Splunk role could execute arbitrary OS commands on the host running the Splunk Enterprise instance. The vulnerability is possible because of an unsafe shell execution pattern in the btool configuration helper, which constructs OS command strings from dynamic parameters without disabling shell interpretation.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Splunk Splunk AI Toolkit Affected: 5.7 , < 5.7.4 (custom)
    Create a notification for this product.
    Date Public
    2026-06-17 00:00
    Credits
    Gabriel Nitu, Splunk
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20266",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-17T18:03:52.980872Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-78",
                    "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-17T18:04:08.968Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Splunk AI Toolkit",
              "vendor": "Splunk",
              "versions": [
                {
                  "lessThan": "5.7.4",
                  "status": "affected",
                  "version": "5.7",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Gabriel Nitu, Splunk"
            }
          ],
          "datePublic": "2026-06-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In Splunk AI Toolkit versions below 5.7.4, a user who holds the \"admin\" Splunk role could execute arbitrary OS commands on the host running the Splunk Enterprise instance.  \n\nThe vulnerability is possible because of an unsafe shell execution pattern in the btool configuration helper, which constructs OS command strings from dynamic parameters without disabling shell interpretation."
                }
              ],
              "value": "In Splunk AI Toolkit versions below 5.7.4, a user who holds the \"admin\" Splunk role could execute arbitrary OS commands on the host running the Splunk Enterprise instance.  \n\nThe vulnerability is possible because of an unsafe shell execution pattern in the btool configuration helper, which constructs OS command strings from dynamic parameters without disabling shell interpretation."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-17T17:07:24.598Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "url": "https://advisory.splunk.com/advisories/SVD-2026-0614"
            }
          ],
          "source": {
            "advisory": "SVD-2026-0614"
          },
          "title": "OS Command Injection in the btool Configuration Helper in Splunk AI Toolkit"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2026-20266",
        "datePublished": "2026-06-17T17:07:24.598Z",
        "dateReserved": "2025-10-08T11:59:15.402Z",
        "dateUpdated": "2026-06-17T18:04:08.968Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20265 (GCVE-0-2026-20265)

    Vulnerability from cvelistv5 – Published: 2026-06-17 17:07 – Updated: 2026-06-17 18:04
    VLAI
    Title
    Insecure Default Domain Allowlist in Splunk AI Toolkit
    Summary
    In Splunk AI Toolkit versions below 5.7.4, a low-privileged user that does not hold the "admin" or "power" Splunk roles could cause the Splunk AI Toolkit to make outbound requests over HTTP to a server that an attacker controls, which could allow for data exfiltration. The vulnerability exists because of an insecure default domain allowlist in the Splunk AI Toolkit, which does not restrict outbound AI agent requests to approved external domains.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1188 - The software initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.
    Assigner
    Impacted products
    Vendor Product Version
    Splunk Splunk AI Toolkit Affected: 5.7 , < 5.7.4 (custom)
    Create a notification for this product.
    Date Public
    2026-06-17 00:00
    Credits
    Gabriel Nitu, Splunk
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20265",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-17T18:04:24.981105Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-17T18:04:30.312Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Splunk AI Toolkit",
              "vendor": "Splunk",
              "versions": [
                {
                  "lessThan": "5.7.4",
                  "status": "affected",
                  "version": "5.7",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Gabriel Nitu, Splunk"
            }
          ],
          "datePublic": "2026-06-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In Splunk AI Toolkit versions below 5.7.4, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could cause the Splunk AI Toolkit to make outbound requests over HTTP to a server that an attacker controls, which could allow for data exfiltration.  \n\nThe vulnerability exists because of an insecure default domain allowlist in the Splunk AI Toolkit, which does not restrict outbound AI agent  requests to approved external domains."
                }
              ],
              "value": "In Splunk AI Toolkit versions below 5.7.4, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could cause the Splunk AI Toolkit to make outbound requests over HTTP to a server that an attacker controls, which could allow for data exfiltration.  \n\nThe vulnerability exists because of an insecure default domain allowlist in the Splunk AI Toolkit, which does not restrict outbound AI agent  requests to approved external domains."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1188",
                  "description": "The software initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-17T17:07:19.943Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "url": "https://advisory.splunk.com/advisories/SVD-2026-0613"
            }
          ],
          "source": {
            "advisory": "SVD-2026-0613"
          },
          "title": "Insecure Default Domain Allowlist in Splunk AI Toolkit"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2026-20265",
        "datePublished": "2026-06-17T17:07:19.943Z",
        "dateReserved": "2025-10-08T11:59:15.402Z",
        "dateUpdated": "2026-06-17T18:04:30.312Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20258 (GCVE-0-2026-20258)

    Vulnerability from cvelistv5 – Published: 2026-06-10 17:16 – Updated: 2026-06-10 18:22
    VLAI
    Title
    Stored Cross-Site Scripting (XSS) through Classic Dashboard in Splunk Enterprise
    Summary
    In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.11, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the "admin" or "power" Splunk roles could store a malicious script in a classic dashboard HTML panel, causing unauthorized JavaScript code to execute in the browser of another user. The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The low-privileged user should not be able to exploit the vulnerability at will.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
    Assigner
    Impacted products
    Vendor Product Version
    Splunk Splunk Enterprise Affected: 10.2 , < 10.2.4 (custom)
    Affected: 10.0 , < 10.0.7 (custom)
    Affected: 9.4 , < 9.4.12 (custom)
    Affected: 9.3 , < 9.3.13 (custom)
    Create a notification for this product.
    Splunk Splunk Cloud Platform Affected: 10.3.2512 , < 10.3.2512.11 (custom)
    Affected: 10.2.2510 , < 10.2.2510.15 (custom)
    Affected: 10.1.2507 , < 10.1.2507.23 (custom)
    Affected: 9.3.2411 , < 9.3.2411.132 (custom)
    Create a notification for this product.
    Date Public
    2026-06-10 00:00
    Credits
    Tony Tong
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20258",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-10T18:22:19.768336Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-10T18:22:27.505Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Splunk Enterprise",
              "vendor": "Splunk",
              "versions": [
                {
                  "lessThan": "10.2.4",
                  "status": "affected",
                  "version": "10.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.0.7",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.4.12",
                  "status": "affected",
                  "version": "9.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.3.13",
                  "status": "affected",
                  "version": "9.3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Splunk Cloud Platform",
              "vendor": "Splunk",
              "versions": [
                {
                  "lessThan": "10.3.2512.11",
                  "status": "affected",
                  "version": "10.3.2512",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.2.2510.15",
                  "status": "affected",
                  "version": "10.2.2510",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.1.2507.23",
                  "status": "affected",
                  "version": "10.1.2507",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.3.2411.132",
                  "status": "affected",
                  "version": "9.3.2411",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Tony Tong"
            }
          ],
          "datePublic": "2026-06-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.11, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could store a malicious script in a classic dashboard HTML panel, causing unauthorized JavaScript code to execute in the browser of another user.  \n\nThe vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The low-privileged user should not be able to exploit the vulnerability at will."
                }
              ],
              "value": "In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.11, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could store a malicious script in a classic dashboard HTML panel, causing unauthorized JavaScript code to execute in the browser of another user.  \n\nThe vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The low-privileged user should not be able to exploit the vulnerability at will."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-10T17:16:23.870Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "url": "https://advisory.splunk.com/advisories/SVD-2026-0608"
            }
          ],
          "source": {
            "advisory": "SVD-2026-0608"
          },
          "title": "Stored Cross-Site Scripting (XSS) through Classic Dashboard in Splunk Enterprise"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2026-20258",
        "datePublished": "2026-06-10T17:16:23.870Z",
        "dateReserved": "2025-10-08T11:59:15.401Z",
        "dateUpdated": "2026-06-10T18:22:27.505Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20253 (GCVE-0-2026-20253)

    Vulnerability from cvelistv5 – Published: 2026-06-10 17:16 – Updated: 2026-06-19 03:55
    VLAI CISA KEVIntel
    Title
    Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk Enterprise
    Summary
    In Splunk Enterprise 10.2 versions below 10.2.4 and 10 versions below 10.0.7, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls, allowing any network-reachable user to invoke file operations without credentials. Splunk Enterprise versions 9.4 and earlier are not affected. If you cannot immediately upgrade to a fixed version, you can mitigate this vulnerability by disabling the PostgreSQL sidecar service.
    SSVC
    Exploitation: active Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
    Assigner
    Impacted products
    Vendor Product Version
    Splunk Splunk Enterprise Affected: 10.2 , < 10.2.4 (custom)
    Affected: 10.0 , < 10.0.7 (custom)
    Create a notification for this product.
    Date Public
    2026-06-10 00:00
    Credits
    Alex Hordijk (hordalex)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20253",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-10T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2026-06-18",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20253"
                  },
                  "type": "kev"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-19T03:55:19.206Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://labs.watchtowr.com/why-use-app-level-auth-when-every-database-has-auth-splunk-enterprise-cve-2026-20253-pre-auth-rce/"
              },
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20253"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-06-18T00:00:00.000Z",
                "value": "CVE-2026-20253 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Splunk Enterprise",
              "vendor": "Splunk",
              "versions": [
                {
                  "lessThan": "10.2.4",
                  "status": "affected",
                  "version": "10.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.0.7",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Alex Hordijk (hordalex)"
            }
          ],
          "datePublic": "2026-06-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In Splunk Enterprise 10.2 versions below 10.2.4 and 10 versions below 10.0.7, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls, allowing any network-reachable user to invoke file operations without credentials. Splunk Enterprise versions 9.4 and earlier are not affected. If you cannot immediately upgrade to a fixed version, you can mitigate this vulnerability by disabling the PostgreSQL sidecar service."
                }
              ],
              "value": "In Splunk Enterprise 10.2 versions below 10.2.4 and 10 versions below 10.0.7, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls, allowing any network-reachable user to invoke file operations without credentials. Splunk Enterprise versions 9.4 and earlier are not affected. If you cannot immediately upgrade to a fixed version, you can mitigate this vulnerability by disabling the PostgreSQL sidecar service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-15T20:33:56.243Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "url": "https://advisory.splunk.com/advisories/SVD-2026-0603"
            }
          ],
          "source": {
            "advisory": "SVD-2026-0603"
          },
          "title": "Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk Enterprise"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2026-20253",
        "datePublished": "2026-06-10T17:16:21.242Z",
        "dateReserved": "2025-10-08T11:59:15.401Z",
        "dateUpdated": "2026-06-19T03:55:19.206Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20260 (GCVE-0-2026-20260)

    Vulnerability from cvelistv5 – Published: 2026-06-10 17:16 – Updated: 2026-06-10 18:23
    VLAI
    Title
    Log Injection through HTTP Request Paths in Splunk SOAR
    Summary
    In Splunk SOAR (Security Orchestration, Automation, and Response) versions below 8.5.0, an unauthenticated attacker could inject American National Standards Institute (ANSI) escape codes into SOAR application log files through specially crafted HTTP request paths, which a terminal emulator might interpret when an administrator views the logs.<br><br>The injection is possible because SOAR does not strip control characters from HTTP request paths before writing them to application logs.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-117 - The software does not neutralize or incorrectly neutralizes output that is written to logs.
    Assigner
    Impacted products
    Vendor Product Version
    Splunk Splunk SOAR Affected: 8.5 , < 8.5.0 (custom)
    Create a notification for this product.
    Date Public
    2026-06-10 00:00
    Credits
    STÖK / Fredrik Alexandersson
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20260",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-10T18:23:06.757464Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-10T18:23:13.215Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Splunk SOAR",
              "vendor": "Splunk",
              "versions": [
                {
                  "lessThan": "8.5.0",
                  "status": "affected",
                  "version": "8.5",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "ST\u00d6K / Fredrik Alexandersson"
            }
          ],
          "datePublic": "2026-06-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In Splunk SOAR (Security Orchestration, Automation, and Response) versions below 8.5.0, an unauthenticated attacker could inject American National Standards Institute (ANSI) escape codes into SOAR application log files through specially crafted HTTP request paths, which a terminal emulator might interpret when an administrator views the logs.\u003cbr\u003e\u003cbr\u003eThe injection is possible because SOAR does not strip control characters from HTTP request paths before writing them to application logs."
                }
              ],
              "value": "In Splunk SOAR (Security Orchestration, Automation, and Response) versions below 8.5.0, an unauthenticated attacker could inject American National Standards Institute (ANSI) escape codes into SOAR application log files through specially crafted HTTP request paths, which a terminal emulator might interpret when an administrator views the logs.\u003cbr\u003e\u003cbr\u003eThe injection is possible because SOAR does not strip control characters from HTTP request paths before writing them to application logs."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-117",
                  "description": "The software does not neutralize or incorrectly neutralizes output that is written to logs.",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-10T17:16:20.653Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "url": "https://advisory.splunk.com/advisories/SVD-2026-0611"
            }
          ],
          "source": {
            "advisory": "SVD-2026-0611"
          },
          "title": "Log Injection through HTTP Request Paths in Splunk SOAR"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2026-20260",
        "datePublished": "2026-06-10T17:16:20.653Z",
        "dateReserved": "2025-10-08T11:59:15.402Z",
        "dateUpdated": "2026-06-10T18:23:13.215Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20252 (GCVE-0-2026-20252)

    Vulnerability from cvelistv5 – Published: 2026-06-10 17:16 – Updated: 2026-06-10 18:23
    VLAI
    Title
    Server-Side Request Forgery (SSRF) through Dashboard Studio PDF Export in Splunk Enterprise
    Summary
    In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.4.2604.3, 10.3.2512.12, 10.2.2510.14, 10.1.2507.22, and 9.3.2411.132, a low-privileged user that does not hold the "admin" or "power" Splunk roles could send server-side requests to arbitrary internal destinations through the Dashboard Studio PDF export feature. The vulnerability exists because the trusted-domain validation uses a prefix match that can be bypassed with attacker-controlled subdomains (for example, docs.splunk.com.evil.com), and because the PDF export service follows HTTP redirects automatically without re-validating each redirect target against the allowlist.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
    Assigner
    Impacted products
    Vendor Product Version
    Splunk Splunk Enterprise Affected: 10.2 , < 10.2.4 (custom)
    Affected: 10.0 , < 10.0.7 (custom)
    Affected: 9.4 , < 9.4.12 (custom)
    Affected: 9.3 , < 9.3.13 (custom)
    Create a notification for this product.
    Splunk Splunk Cloud Platform Affected: 10.4.2604 , < 10.4.2604.3 (custom)
    Affected: 10.3.2512 , < 10.3.2512.12 (custom)
    Affected: 10.2.2510 , < 10.2.2510.14 (custom)
    Affected: 10.1.2507 , < 10.1.2507.22 (custom)
    Affected: 9.3.2411 , < 9.3.2411.132 (custom)
    Create a notification for this product.
    Date Public
    2026-06-10 00:00
    Credits
    M Mahdan Argya Syarif (0xbeludan)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20252",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-10T18:23:29.592434Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-10T18:23:36.803Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Splunk Enterprise",
              "vendor": "Splunk",
              "versions": [
                {
                  "lessThan": "10.2.4",
                  "status": "affected",
                  "version": "10.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.0.7",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.4.12",
                  "status": "affected",
                  "version": "9.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.3.13",
                  "status": "affected",
                  "version": "9.3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Splunk Cloud Platform",
              "vendor": "Splunk",
              "versions": [
                {
                  "lessThan": "10.4.2604.3",
                  "status": "affected",
                  "version": "10.4.2604",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.3.2512.12",
                  "status": "affected",
                  "version": "10.3.2512",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.2.2510.14",
                  "status": "affected",
                  "version": "10.2.2510",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.1.2507.22",
                  "status": "affected",
                  "version": "10.1.2507",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.3.2411.132",
                  "status": "affected",
                  "version": "9.3.2411",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "M Mahdan Argya Syarif (0xbeludan)"
            }
          ],
          "datePublic": "2026-06-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.4.2604.3, 10.3.2512.12, 10.2.2510.14, 10.1.2507.22, and 9.3.2411.132, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could send server-side requests to arbitrary internal destinations through the Dashboard Studio PDF export feature.  \n\nThe vulnerability exists because the trusted-domain validation uses a prefix match that can be bypassed with attacker-controlled subdomains (for example, docs.splunk.com.evil.com), and because the PDF export service follows HTTP redirects automatically without re-validating each redirect target against the allowlist."
                }
              ],
              "value": "In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.4.2604.3, 10.3.2512.12, 10.2.2510.14, 10.1.2507.22, and 9.3.2411.132, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could send server-side requests to arbitrary internal destinations through the Dashboard Studio PDF export feature.  \n\nThe vulnerability exists because the trusted-domain validation uses a prefix match that can be bypassed with attacker-controlled subdomains (for example, docs.splunk.com.evil.com), and because the PDF export service follows HTTP redirects automatically without re-validating each redirect target against the allowlist."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-10T17:16:19.518Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "url": "https://advisory.splunk.com/advisories/SVD-2026-0602"
            }
          ],
          "source": {
            "advisory": "SVD-2026-0602"
          },
          "title": "Server-Side Request Forgery (SSRF) through Dashboard Studio PDF Export in Splunk Enterprise"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2026-20252",
        "datePublished": "2026-06-10T17:16:19.518Z",
        "dateReserved": "2025-10-08T11:59:15.401Z",
        "dateUpdated": "2026-06-10T18:23:36.803Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20257 (GCVE-0-2026-20257)

    Vulnerability from cvelistv5 – Published: 2026-06-10 17:16 – Updated: 2026-06-10 18:24
    VLAI
    Title
    Improper Input Validation through Classic Dashboard CSS in Splunk Enterprise
    Summary
    In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a classic dashboard that exfiltrates sensitive data from the browser of a higher-privileged user who views it. The exfiltration is possible because classic dashboard panels do not fully validate style attribute values, which can allow for requests to reach external domains outside the configured Trusted Domains List. The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The low-privileged user should not be able to exploit the vulnerability at will.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.
    Assigner
    Impacted products
    Vendor Product Version
    Splunk Splunk Enterprise Affected: 10.2 , < 10.2.4 (custom)
    Affected: 10.0 , < 10.0.7 (custom)
    Affected: 9.4 , < 9.4.12 (custom)
    Affected: 9.3 , < 9.3.13 (custom)
    Create a notification for this product.
    Splunk Splunk Cloud Platform Affected: 10.3.2512 , < 10.3.2512.13 (custom)
    Affected: 10.2.2510 , < 10.2.2510.15 (custom)
    Affected: 10.1.2507 , < 10.1.2507.23 (custom)
    Affected: 9.3.2411 , < 9.3.2411.132 (custom)
    Create a notification for this product.
    Date Public
    2026-06-10 00:00
    Credits
    Tony Tong (tongster)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20257",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-10T18:23:55.427272Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-10T18:24:02.482Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Splunk Enterprise",
              "vendor": "Splunk",
              "versions": [
                {
                  "lessThan": "10.2.4",
                  "status": "affected",
                  "version": "10.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.0.7",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.4.12",
                  "status": "affected",
                  "version": "9.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.3.13",
                  "status": "affected",
                  "version": "9.3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Splunk Cloud Platform",
              "vendor": "Splunk",
              "versions": [
                {
                  "lessThan": "10.3.2512.13",
                  "status": "affected",
                  "version": "10.3.2512",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.2.2510.15",
                  "status": "affected",
                  "version": "10.2.2510",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.1.2507.23",
                  "status": "affected",
                  "version": "10.1.2507",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.3.2411.132",
                  "status": "affected",
                  "version": "9.3.2411",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Tony Tong (tongster)"
            }
          ],
          "datePublic": "2026-06-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could craft a classic dashboard that exfiltrates sensitive data from the browser of a higher-privileged user who views it.  \n\nThe exfiltration is possible because classic dashboard panels do not fully validate style attribute values, which can allow for requests to reach external domains outside the configured Trusted Domains List.  \n\nThe vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The low-privileged user should not be able to exploit the vulnerability at will."
                }
              ],
              "value": "In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could craft a classic dashboard that exfiltrates sensitive data from the browser of a higher-privileged user who views it.  \n\nThe exfiltration is possible because classic dashboard panels do not fully validate style attribute values, which can allow for requests to reach external domains outside the configured Trusted Domains List.  \n\nThe vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The low-privileged user should not be able to exploit the vulnerability at will."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-10T17:16:03.885Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "url": "https://advisory.splunk.com/advisories/SVD-2026-0607"
            }
          ],
          "source": {
            "advisory": "SVD-2026-0607"
          },
          "title": "Improper Input Validation through Classic Dashboard CSS in Splunk Enterprise"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2026-20257",
        "datePublished": "2026-06-10T17:16:03.885Z",
        "dateReserved": "2025-10-08T11:59:15.401Z",
        "dateUpdated": "2026-06-10T18:24:02.482Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20259 (GCVE-0-2026-20259)

    Vulnerability from cvelistv5 – Published: 2026-06-10 17:16 – Updated: 2026-06-10 18:24
    VLAI
    Title
    Improper Access Control in Splunk Enterprise
    Summary
    In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.0, 10.3.2512.12, 10.2.2510.15, 10.1.2507.23, 10.0.2503.14, and 9.3.2411.131, a user who holds a Splunk role that contains the high-privilege capability `edit_saved_search_owner` could reassign saved search ownership to users outside their authorized scope. The ownership reassignment endpoint lacks access control.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
    Assigner
    Impacted products
    Vendor Product Version
    Splunk Splunk Enterprise Affected: 10.2 , < 10.2.4 (custom)
    Affected: 10.0 , < 10.0.7 (custom)
    Create a notification for this product.
    Splunk Splunk Cloud Platform Affected: 10.3.2512 , < 10.3.2512.12 (custom)
    Affected: 10.2.2510 , < 10.2.2510.15 (custom)
    Affected: 10.1.2507 , < 10.1.2507.23 (custom)
    Affected: 10.0.2503 , < 10.0.2503.14 (custom)
    Affected: 9.3.2411 , < 9.3.2411.131 (custom)
    Create a notification for this product.
    Date Public
    2026-06-10 00:00
    Credits
    Andres Perez, Splunk
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20259",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-10T18:24:17.180120Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-10T18:24:37.870Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Splunk Enterprise",
              "vendor": "Splunk",
              "versions": [
                {
                  "lessThan": "10.2.4",
                  "status": "affected",
                  "version": "10.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.0.7",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Splunk Cloud Platform",
              "vendor": "Splunk",
              "versions": [
                {
                  "lessThan": "10.3.2512.12",
                  "status": "affected",
                  "version": "10.3.2512",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.2.2510.15",
                  "status": "affected",
                  "version": "10.2.2510",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.1.2507.23",
                  "status": "affected",
                  "version": "10.1.2507",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.0.2503.14",
                  "status": "affected",
                  "version": "10.0.2503",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.3.2411.131",
                  "status": "affected",
                  "version": "9.3.2411",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Andres Perez, Splunk"
            }
          ],
          "datePublic": "2026-06-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.0, 10.3.2512.12, 10.2.2510.15, 10.1.2507.23, 10.0.2503.14, and 9.3.2411.131, a user who holds a Splunk role that contains the high-privilege capability `edit_saved_search_owner` could reassign saved search ownership to users outside their authorized scope. The ownership reassignment endpoint lacks access control."
                }
              ],
              "value": "In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.0, 10.3.2512.12, 10.2.2510.15, 10.1.2507.23, 10.0.2503.14, and 9.3.2411.131, a user who holds a Splunk role that contains the high-privilege capability `edit_saved_search_owner` could reassign saved search ownership to users outside their authorized scope. The ownership reassignment endpoint lacks access control."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-10T17:16:02.256Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "url": "https://advisory.splunk.com/advisories/SVD-2026-0609"
            }
          ],
          "source": {
            "advisory": "SVD-2026-0609"
          },
          "title": "Improper Access Control in Splunk Enterprise"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2026-20259",
        "datePublished": "2026-06-10T17:16:02.256Z",
        "dateReserved": "2025-10-08T11:59:15.401Z",
        "dateUpdated": "2026-06-10T18:24:37.870Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20255 (GCVE-0-2026-20255)

    Vulnerability from cvelistv5 – Published: 2026-06-10 17:16 – Updated: 2026-06-10 18:25
    VLAI
    Title
    Improper Input Validation through Classic Dashboards in Splunk Enterprise
    Summary
    In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious classic dashboard that exfiltrates sensitive data to an external server. The vulnerability exists because URL validation on the external content dialog is incomplete, which can allow for requests to untrusted domains when a user interacts with a crafted dashboard.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.
    Assigner
    Impacted products
    Vendor Product Version
    Splunk Splunk Enterprise Affected: 10.2 , < 10.2.4 (custom)
    Affected: 10.0 , < 10.0.7 (custom)
    Affected: 9.4 , < 9.4.12 (custom)
    Affected: 9.3 , < 9.3.13 (custom)
    Create a notification for this product.
    Splunk Splunk Cloud Platform Affected: 10.3.2512 , < 10.3.2512.13 (custom)
    Affected: 10.2.2510 , < 10.2.2510.15 (custom)
    Affected: 10.1.2507 , < 10.1.2507.23 (custom)
    Affected: 9.3.2411 , < 9.3.2411.132 (custom)
    Create a notification for this product.
    Date Public
    2026-06-10 00:00
    Credits
    Tony Tong (tongster)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20255",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-10T18:25:06.072954Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-10T18:25:12.492Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Splunk Enterprise",
              "vendor": "Splunk",
              "versions": [
                {
                  "lessThan": "10.2.4",
                  "status": "affected",
                  "version": "10.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.0.7",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.4.12",
                  "status": "affected",
                  "version": "9.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.3.13",
                  "status": "affected",
                  "version": "9.3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Splunk Cloud Platform",
              "vendor": "Splunk",
              "versions": [
                {
                  "lessThan": "10.3.2512.13",
                  "status": "affected",
                  "version": "10.3.2512",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.2.2510.15",
                  "status": "affected",
                  "version": "10.2.2510",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.1.2507.23",
                  "status": "affected",
                  "version": "10.1.2507",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.3.2411.132",
                  "status": "affected",
                  "version": "9.3.2411",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Tony Tong (tongster)"
            }
          ],
          "datePublic": "2026-06-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could craft a malicious classic dashboard that exfiltrates sensitive data to an external server.  \n\nThe vulnerability exists because URL validation on the external content dialog is incomplete, which can allow for requests to untrusted domains when a user interacts with a crafted dashboard."
                }
              ],
              "value": "In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could craft a malicious classic dashboard that exfiltrates sensitive data to an external server.  \n\nThe vulnerability exists because URL validation on the external content dialog is incomplete, which can allow for requests to untrusted domains when a user interacts with a crafted dashboard."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-10T17:16:00.962Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "url": "https://advisory.splunk.com/advisories/SVD-2026-0605"
            }
          ],
          "source": {
            "advisory": "SVD-2026-0605"
          },
          "title": "Improper Input Validation through Classic Dashboards in Splunk Enterprise"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2026-20255",
        "datePublished": "2026-06-10T17:16:00.962Z",
        "dateReserved": "2025-10-08T11:59:15.401Z",
        "dateUpdated": "2026-06-10T18:25:12.492Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20251 (GCVE-0-2026-20251)

    Vulnerability from cvelistv5 – Published: 2026-06-10 17:16 – Updated: 2026-06-11 03:55
    VLAI
    Title
    Remote Code Execution through Deserialization of Untrusted Data in Splunk Secure Gateway
    Summary
    In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, Splunk Cloud Platform versions below 10.3.2512.12, 10.2.2510.14, 10.1.2507.22, and 9.3.2411.132, and Splunk Secure Gateway versions below 3.10.6, 3.9.20, and 3.8.67, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could perform a Remote Code Execution (RCE) through the Splunk Secure Gateway app.<br><br>The Remote Code Execution is possible because of unsafe deserialization of App Key Value Store (KV Store) data through the ‘jsonpickle’ Python library, which reconstructs arbitrary Python objects from specially crafted JavaScript Object Notation (JSON) without adequate validation.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
    Assigner
    Impacted products
    Vendor Product Version
    Splunk Splunk Enterprise Affected: 10.2 , < 10.2.4 (custom)
    Affected: 10.0 , < 10.0.7 (custom)
    Affected: 9.4 , < 9.4.12 (custom)
    Affected: 9.3 , < 9.3.13 (custom)
    Create a notification for this product.
    Splunk Splunk Cloud Platform Affected: 10.3.2512 , < 10.3.2512.12 (custom)
    Affected: 10.2.2510 , < 10.2.2510.14 (custom)
    Affected: 10.1.2507 , < 10.1.2507.22 (custom)
    Affected: 9.3.2411 , < 9.3.2411.132 (custom)
    Create a notification for this product.
    Splunk Splunk Secure Gateway Affected: 3.10 , < 3.10.6 (custom)
    Affected: 3.9 , < 3.9.20 (custom)
    Affected: 3.8 , < 3.8.67 (custom)
    Create a notification for this product.
    Date Public
    2026-06-10 00:00
    Credits
    M Mahdan Argya Syarif (0xbeludan)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20251",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-10T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-11T03:55:39.372Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Splunk Enterprise",
              "vendor": "Splunk",
              "versions": [
                {
                  "lessThan": "10.2.4",
                  "status": "affected",
                  "version": "10.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.0.7",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.4.12",
                  "status": "affected",
                  "version": "9.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.3.13",
                  "status": "affected",
                  "version": "9.3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Splunk Cloud Platform",
              "vendor": "Splunk",
              "versions": [
                {
                  "lessThan": "10.3.2512.12",
                  "status": "affected",
                  "version": "10.3.2512",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.2.2510.14",
                  "status": "affected",
                  "version": "10.2.2510",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.1.2507.22",
                  "status": "affected",
                  "version": "10.1.2507",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.3.2411.132",
                  "status": "affected",
                  "version": "9.3.2411",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Splunk Secure Gateway",
              "vendor": "Splunk",
              "versions": [
                {
                  "lessThan": "3.10.6",
                  "status": "affected",
                  "version": "3.10",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.9.20",
                  "status": "affected",
                  "version": "3.9",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.8.67",
                  "status": "affected",
                  "version": "3.8",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "M Mahdan Argya Syarif (0xbeludan)"
            }
          ],
          "datePublic": "2026-06-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, Splunk Cloud Platform versions below 10.3.2512.12, 10.2.2510.14, 10.1.2507.22, and 9.3.2411.132, and Splunk Secure Gateway versions below 3.10.6, 3.9.20, and 3.8.67, a low-privileged user that does not hold the \u0027admin\u0027 or \u0027power\u0027 Splunk roles could perform a Remote Code Execution (RCE) through the Splunk Secure Gateway app.\u003cbr\u003e\u003cbr\u003eThe Remote Code Execution is possible because of unsafe deserialization of App Key Value Store (KV Store) data through the \u2018jsonpickle\u2019 Python library, which reconstructs arbitrary Python objects from specially crafted JavaScript Object Notation (JSON) without adequate validation."
                }
              ],
              "value": "In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, Splunk Cloud Platform versions below 10.3.2512.12, 10.2.2510.14, 10.1.2507.22, and 9.3.2411.132, and Splunk Secure Gateway versions below 3.10.6, 3.9.20, and 3.8.67, a low-privileged user that does not hold the \u0027admin\u0027 or \u0027power\u0027 Splunk roles could perform a Remote Code Execution (RCE) through the Splunk Secure Gateway app.\u003cbr\u003e\u003cbr\u003eThe Remote Code Execution is possible because of unsafe deserialization of App Key Value Store (KV Store) data through the \u2018jsonpickle\u2019 Python library, which reconstructs arbitrary Python objects from specially crafted JavaScript Object Notation (JSON) without adequate validation."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-10T17:16:00.352Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "url": "https://advisory.splunk.com/advisories/SVD-2026-0601"
            }
          ],
          "source": {
            "advisory": "SVD-2026-0601"
          },
          "title": "Remote Code Execution through Deserialization of Untrusted Data in Splunk Secure Gateway"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2026-20251",
        "datePublished": "2026-06-10T17:16:00.352Z",
        "dateReserved": "2025-10-08T11:59:15.401Z",
        "dateUpdated": "2026-06-11T03:55:39.372Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20254 (GCVE-0-2026-20254)

    Vulnerability from cvelistv5 – Published: 2026-06-10 17:15 – Updated: 2026-06-10 18:27
    VLAI
    Title
    Information Disclosure through External Content Restriction Bypass in Splunk Enterprise
    Summary
    In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could craft a malicious classic dashboard that exfiltrates sensitive data to an external server when a higher-privileged user views it, bypassing the external content restriction through a Cascading Style Sheets (CSS) injection.<br><br>The Trusted Domains security check does not fully validate inline style attribute values, which can allow for outbound requests to untrusted domains and credential exfiltration when a victim views a crafted dashboard.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.
    Assigner
    Impacted products
    Vendor Product Version
    Splunk Splunk Enterprise Affected: 10.2 , < 10.2.4 (custom)
    Affected: 10.0 , < 10.0.7 (custom)
    Affected: 9.4 , < 9.4.12 (custom)
    Affected: 9.3 , < 9.3.13 (custom)
    Create a notification for this product.
    Splunk Splunk Cloud Platform Affected: 10.3.2512 , < 10.3.2512.13 (custom)
    Affected: 10.2.2510 , < 10.2.2510.15 (custom)
    Affected: 10.1.2507 , < 10.1.2507.23 (custom)
    Affected: 9.3.2411 , < 9.3.2411.132 (custom)
    Create a notification for this product.
    Date Public
    2026-06-10 00:00
    Credits
    Fredrik Alexandersson (stok)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20254",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-10T18:26:45.451095Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-10T18:27:01.123Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Splunk Enterprise",
              "vendor": "Splunk",
              "versions": [
                {
                  "lessThan": "10.2.4",
                  "status": "affected",
                  "version": "10.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.0.7",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.4.12",
                  "status": "affected",
                  "version": "9.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.3.13",
                  "status": "affected",
                  "version": "9.3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Splunk Cloud Platform",
              "vendor": "Splunk",
              "versions": [
                {
                  "lessThan": "10.3.2512.13",
                  "status": "affected",
                  "version": "10.3.2512",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.2.2510.15",
                  "status": "affected",
                  "version": "10.2.2510",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.1.2507.23",
                  "status": "affected",
                  "version": "10.1.2507",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.3.2411.132",
                  "status": "affected",
                  "version": "9.3.2411",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Fredrik Alexandersson (stok)"
            }
          ],
          "datePublic": "2026-06-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the \u0027admin\u0027 or \u0027power\u0027 Splunk roles could craft a malicious classic dashboard that exfiltrates sensitive data to an external server when a higher-privileged user views it, bypassing the external content restriction through a Cascading Style Sheets (CSS) injection.\u003cbr\u003e\u003cbr\u003eThe Trusted Domains security check does not fully validate inline style attribute values, which can allow for outbound requests to untrusted domains and credential exfiltration when a victim views a crafted dashboard."
                }
              ],
              "value": "In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the \u0027admin\u0027 or \u0027power\u0027 Splunk roles could craft a malicious classic dashboard that exfiltrates sensitive data to an external server when a higher-privileged user views it, bypassing the external content restriction through a Cascading Style Sheets (CSS) injection.\u003cbr\u003e\u003cbr\u003eThe Trusted Domains security check does not fully validate inline style attribute values, which can allow for outbound requests to untrusted domains and credential exfiltration when a victim views a crafted dashboard."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-10T17:15:59.452Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "url": "https://advisory.splunk.com/advisories/SVD-2026-0604"
            }
          ],
          "source": {
            "advisory": "SVD-2026-0604"
          },
          "title": "Information Disclosure through External Content Restriction Bypass in Splunk Enterprise"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2026-20254",
        "datePublished": "2026-06-10T17:15:59.452Z",
        "dateReserved": "2025-10-08T11:59:15.401Z",
        "dateUpdated": "2026-06-10T18:27:01.123Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20256 (GCVE-0-2026-20256)

    Vulnerability from cvelistv5 – Published: 2026-06-10 17:15 – Updated: 2026-06-10 18:19
    VLAI
    Title
    Improper Input Validation through Protocol-Relative URL in Classic Dashboards in Splunk Enterprise
    Summary
    In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could cause data exfiltration through classic dashboards by redirecting a victim to an external site using a protocol-relative URL in a drill-down link.<br><br>The vulnerability exists because the URL classifier in classic dashboards only recognizes `http://` and `https://` schemes when checking for external URLs. Protocol-relative URLs such as `//attacker.com` bypass this check entirely, and Splunk Web does not show the external-navigation warning dialog to the victim.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.
    Assigner
    Impacted products
    Vendor Product Version
    Splunk Splunk Enterprise Affected: 10.2 , < 10.2.4 (custom)
    Affected: 10.0 , < 10.0.7 (custom)
    Affected: 9.4 , < 9.4.12 (custom)
    Affected: 9.3 , < 9.3.13 (custom)
    Create a notification for this product.
    Splunk Splunk Cloud Platform Affected: 10.3.2512 , < 10.3.2512.13 (custom)
    Affected: 10.2.2510 , < 10.2.2510.15 (custom)
    Affected: 10.1.2507 , < 10.1.2507.23 (custom)
    Affected: 9.3.2411 , < 9.3.2411.132 (custom)
    Create a notification for this product.
    Date Public
    2026-06-10 00:00
    Credits
    Tony Tong (tongster)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20256",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-10T18:18:59.939227Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-10T18:19:26.044Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Splunk Enterprise",
              "vendor": "Splunk",
              "versions": [
                {
                  "lessThan": "10.2.4",
                  "status": "affected",
                  "version": "10.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.0.7",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.4.12",
                  "status": "affected",
                  "version": "9.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.3.13",
                  "status": "affected",
                  "version": "9.3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Splunk Cloud Platform",
              "vendor": "Splunk",
              "versions": [
                {
                  "lessThan": "10.3.2512.13",
                  "status": "affected",
                  "version": "10.3.2512",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.2.2510.15",
                  "status": "affected",
                  "version": "10.2.2510",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.1.2507.23",
                  "status": "affected",
                  "version": "10.1.2507",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.3.2411.132",
                  "status": "affected",
                  "version": "9.3.2411",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Tony Tong (tongster)"
            }
          ],
          "datePublic": "2026-06-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the \u0027admin\u0027 or \u0027power\u0027 Splunk roles could cause data exfiltration through classic dashboards by redirecting a victim to an external site using a protocol-relative URL in a drill-down link.\u003cbr\u003e\u003cbr\u003eThe vulnerability exists because the URL classifier in classic dashboards only recognizes `http://` and `https://` schemes when checking for external URLs. Protocol-relative URLs such as `//attacker.com` bypass this check entirely, and Splunk Web does not show the external-navigation warning dialog to the victim."
                }
              ],
              "value": "In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the \u0027admin\u0027 or \u0027power\u0027 Splunk roles could cause data exfiltration through classic dashboards by redirecting a victim to an external site using a protocol-relative URL in a drill-down link.\u003cbr\u003e\u003cbr\u003eThe vulnerability exists because the URL classifier in classic dashboards only recognizes `http://` and `https://` schemes when checking for external URLs. Protocol-relative URLs such as `//attacker.com` bypass this check entirely, and Splunk Web does not show the external-navigation warning dialog to the victim."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-10T17:15:55.966Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "url": "https://advisory.splunk.com/advisories/SVD-2026-0606"
            }
          ],
          "source": {
            "advisory": "SVD-2026-0606"
          },
          "title": "Improper Input Validation through Protocol-Relative URL in Classic Dashboards in Splunk Enterprise"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2026-20256",
        "datePublished": "2026-06-10T17:15:55.966Z",
        "dateReserved": "2025-10-08T11:59:15.401Z",
        "dateUpdated": "2026-06-10T18:19:26.044Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }