
Splunk Enterprise CVE-2026-20259
EUVD-2026-36084 · MEDIUM
Improper Access Control (CWE-284)
2026-06-10 · cisco · GHSA-jhf8-vwfv-vr95
CVSS 3.1 (NVD): 5.5

Severity by source

NVD (primary): 5.5 MEDIUM
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: Low
Availability: None

Lifecycle Timeline

Patch available: Jun 10, 2026 - 20:01 (EUVD)
Analysis generated: Jun 10, 2026 - 19:01 (vuln.today)

Description (CVE.org)

In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.0, 10.3.2512.12, 10.2.2510.15, 10.1.2507.23, 10.0.2503.14, and 9.3.2411.131, a user who holds a Splunk role that contains the high-privilege capability edit_saved_search_owner could reassign saved search ownership to users outside their authorized scope. The ownership reassignment endpoint lacks access control.

Analysis (AI)

Improper access control on the saved search ownership reassignment endpoint in Splunk Enterprise and Splunk Cloud Platform allows a highly privileged authenticated user - one whose role contains the edit_saved_search_owner capability - to reassign saved search ownership to users outside their authorized scope. Affected versions span Splunk Enterprise below 10.2.4 and 10.0.7, and multiple Splunk Cloud Platform branches below their respective fixed builds. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

Access: Authenticate as high-privilege Splunk user
Delivery: Identify target saved search with sensitive content
Exploit: Craft API request to ownership reassignment endpoint
Execution: Submit request bypassing scope validation
Persist: Saved search reassigned to unauthorized user
Impact: Unauthorized user accesses sensitive search data

Vulnerability Assessment (AI)

Exploitation: Exploitation requires the attacker to be authenticated to the Splunk instance and to hold a Splunk role that explicitly grants the `edit_saved_search_owner` capability, which Splunk classifies as a high-privilege capability - this is confirmed by the CVSS PR:H designation. …

Risk Assessment: The CVSS score of 5.5 (Medium) accurately reflects the constrained exploitability: the PR:H requirement means only users already holding a Splunk role with the `edit_saved_search_owner` capability can exploit this, significantly narrowing the threat actor pool to insiders or accounts already compromised at a high-privilege level. …

Exploit Scenario: An authenticated Splunk user whose role includes the `edit_saved_search_owner` capability crafts an API request to the ownership reassignment endpoint, specifying a target saved search and a destination user account outside their authorized management scope. The endpoint processes the request without validating scope boundaries, transferring ownership to the unauthorized user, who can then access the saved search - including any embedded credentials, data source queries, or sensitive alert logic contained within it. …

Remediation: Upgrade Splunk Enterprise to version 10.2.4 or 10.0.7 (the fixed releases per the vendor advisory SVD-2026-0609 at https://advisory.splunk.com/advisories/SVD-2026-0609). …


CVE-2026-20259 vulnerability details – vuln.today
