Skip to main content

Splunk Cloud Platform CVE-2026-20204

| EUVDEUVD-2026-22934 HIGH
Insecure Temporary File (CWE-377)
2026-04-15 cisco
7.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.1 HIGH
AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Patch released
Apr 17, 2026 - 19:04 nvd
Patch available
Patch available
Apr 16, 2026 - 05:29 EUVD
9.3.2411.127,10.0.2503.13,10.2.2510.9
EUVD ID Assigned
Apr 15, 2026 - 15:30 euvd
EUVD-2026-22934
CVE Published
Apr 15, 2026 - 15:17 nvd
HIGH 7.1

DescriptionCVE.org

In Splunk Enterprise versions below 10.2.1, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.5, 10.2.2510.9, 10.1.2507.19, 10.0.2503.13, and 9.3.2411.127, a low-privileged user that does not hold the admin or power Splunk roles could potentially perform a Remote Code Execution (RCE) by uploading a malicious file to the $SPLUNK_HOME/var/run/splunk/apptemp directory due to improper handling and insufficient isolation of temporary files within the apptemp directory.

Analysis

In Splunk Enterprise versions below 10.2.1, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.5, 10.2.2510.9, 10.1.2507.19, 10.0.2503.13, and 9.3.2411.127, a low-privileged user that does not hold the admin or power Splunk roles could potentially perform a Remote Code Execution (RCE) by uploading a malicious file to the $SPLUNK_HOME/var/run/splunk/apptemp directory due to improper handling and insufficient isolation of temporary files within the apptemp directory.

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-20253 CRITICAL POC
9.8 Jun 10

Unauthenticated arbitrary file write in Splunk Enterprise (below 10.2.4 and 10.0.7) and Splunk Cloud Platform (below 10.

CVE-2026-20251 HIGH
8.8 Jun 10

Remote code execution in Splunk Enterprise, Splunk Cloud Platform, and the Splunk Secure Gateway app allows a low-privil

CVE-2025-20229 HIGH
8.0 Mar 26

In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.104, 9.2.

CVE-2026-20252 HIGH
7.6 Jun 10

Server-side request forgery in Splunk Enterprise (below 10.2.4, 10.0.7, 9.4.12, 9.3.13) and Splunk Cloud Platform lets a

CVE-2025-20371 HIGH
7.5 Oct 01

In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6 and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.10

CVE-2026-20163 HIGH
7.2 Mar 11

Arbitrary shell command execution in Splunk Enterprise and Cloud Platform allows authenticated users with the edit_cmd c

CVE-2026-20144 MEDIUM
6.8 Feb 18

Splunk Enterprise and Splunk Cloud Platform deployments expose SAML authentication configurations in plaintext logs acce

CVE-2026-20202 MEDIUM
6.6 Apr 15

In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.26

CVE-2025-20228 MEDIUM
6.5 Mar 26

In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.2.2403.108, and 9

CVE-2025-20366 MEDIUM
6.5 Oct 01

In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.111, 9.3.

CVE-2026-20164 MEDIUM
6.5 Mar 11

Splunk Enterprise and Cloud Platform versions below specified thresholds fail to properly restrict access to the passwor

CVE-2025-20321 MEDIUM
6.5 Jul 07

In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7 and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.10

Share

CVE-2026-20204 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy