Skip to main content

Splunk Enterprise EUVDEUVD-2026-22931

| CVE-2026-20203 MEDIUM
Improper Access Control (CWE-284)
2026-04-15 cisco GHSA-gpm4-vrgj-h7qc
4.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

4
Patch released
Apr 17, 2026 - 19:07 nvd
Patch available
Patch available
Apr 16, 2026 - 05:29 EUVD
9.4.10,10.2.2510.10,10.3.2512.6
EUVD ID Assigned
Apr 15, 2026 - 15:30 euvd
EUVD-2026-22931
CVE Published
Apr 15, 2026 - 15:17 nvd
MEDIUM 4.3

DescriptionCVE.org

In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.6, 10.2.2510.10, 10.1.2507.19, 10.0.2503.13, and 9.3.2411.127, a low-privileged user that does not hold the admin or power Splunk roles, has write permission on the app, and does not hold the high-privilege capability accelerate_datamodel, could turn on or off Data Model Acceleration due to improper access control.

Analysis

In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.6, 10.2.2510.10, 10.1.2507.19, 10.0.2503.13, and 9.3.2411.127, a low-privileged user that does not hold the admin or power Splunk roles, has write permission on the app, and does not hold the high-privilege capability accelerate_datamodel, could turn on or off Data Model Acceleration due to improper access control.

CVE-2026-20253 CRITICAL POC
9.8 Jun 10

Unauthenticated arbitrary file write in Splunk Enterprise (below 10.2.4 and 10.0.7) and Splunk Cloud Platform (below 10.

CVE-2026-20251 HIGH
8.8 Jun 10

Remote code execution in Splunk Enterprise, Splunk Cloud Platform, and the Splunk Secure Gateway app allows a low-privil

CVE-2026-20296 HIGH
8.3 Jul 15

Cross-Site Request Forgery combined with SPL injection in Splunk Enterprise (below 10.4.1, 10.2.5, 10.0.8, 9.4.13) and S

CVE-2026-20252 HIGH
7.6 Jun 10

Server-side request forgery in Splunk Enterprise (below 10.2.4, 10.0.7, 9.4.12, 9.3.13) and Splunk Cloud Platform lets a

CVE-2026-20297 HIGH
7.2 Jul 15

Arbitrary file write in Splunk Enterprise (versions below 10.4.1, 10.2.5, 10.0.8, 9.4.13, 9.3.14) and Splunk Cloud Platf

CVE-2026-20204 HIGH
7.1 Apr 15

In Splunk Enterprise versions below 10.2.1, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.26

CVE-2026-20202 MEDIUM
6.6 Apr 15

In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.26

CVE-2026-20257 MEDIUM
5.7 Jun 10

Classic dashboard style attribute injection in Splunk Enterprise and Splunk Cloud Platform enables a low-privileged auth

CVE-2026-20255 MEDIUM
5.7 Jun 10

Classic dashboard URL validation bypass in Splunk Enterprise and Splunk Cloud Platform enables low-privileged authentica

CVE-2026-20254 MEDIUM
5.7 Jun 10

CSS injection in Splunk Enterprise and Splunk Cloud Platform classic dashboards enables credential and sensitive data ex

CVE-2026-20256 MEDIUM
5.7 Jun 10

Classic dashboard drill-down links in Splunk Enterprise and Splunk Cloud Platform can be weaponized by low-privileged au

CVE-2026-20259 MEDIUM
5.5 Jun 10

Improper access control on the saved search ownership reassignment endpoint in Splunk Enterprise and Splunk Cloud Platfo

Share

EUVD-2026-22931 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy