Splunk
CVE-2026-20164
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.5, 10.1.2507.16, 10.0.2503.11, and 9.3.2411.123, a low-privileged user that does not hold the "admin" or "power" Splunk roles could access the /splunkd/__raw/servicesNS/-/-/configs/conf-passwords REST API endpoint, which exposes the hashed or plaintext password values that are stored in the passwords.conf configuration file due to improper access control. This vulnerability could allow for the unauthorized disclosure of sensitive credentials.
AnalysisAI
Splunk Enterprise and Cloud Platform versions below specified thresholds fail to properly restrict access to the passwords configuration API endpoint, allowing low-privileged users without admin or power roles to retrieve hashed or plaintext credential values from passwords.conf. This information disclosure vulnerability could enable attackers to obtain sensitive authentication credentials for further system compromise. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Vulnerability AssessmentAI
| Risk Assessment | CVSS 6.5 (MEDIUM). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker without authentication could exploit this vulnerability to for the unauthorized disclosure of sensitive credentials. |
| Remediation | Monitor vendor advisories for a patch. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 30 days: Identify affected systems running Splunk Enterprise and apply vendor patches as part of regular patch cycle. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Unauthenticated arbitrary file write in Splunk Enterprise (below 10.2.4 and 10.0.7) and Splunk Cloud Platform (below 10.
Remote code execution in Splunk Enterprise, Splunk Cloud Platform, and the Splunk Secure Gateway app allows a low-privil
Path traversal in the CSV Export endpoint of ghantakiran's splunk-mcp-integration allows remote unauthenticated attacker
Authenticated command injection in Splunk AI Toolkit versions below 5.7.4 allows a user with the Splunk admin role to ex
In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.104, 9.2.
Privilege escalation vulnerability in Splunk Universal Forwarder for Windows where incorrect file system permissions are
In Splunk Universal Forwarder for Windows versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, a new installation of or an u
In Splunk Enterprise for Windows versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, a new installation of or an upgrade to
Server-side request forgery in Splunk Enterprise (below 10.2.4, 10.0.7, 9.4.12, 9.3.13) and Splunk Cloud Platform lets a
In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6 and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.10
Sensitive information disclosure in Splunk Enterprise (below 10.2.2 and 10.0.5) and Splunk Cloud Platform (multiple bran
Arbitrary shell command execution in Splunk Enterprise and Cloud Platform allows authenticated users with the edit_cmd c
Same weakness CWE-200 – Information Exposure
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today