EUVD-2026-31139
GHSA-7mj7-jqh4-hc7f
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionNVD
In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13, a user with a role that has access to the _internal index could view session cookies and response bodies that contain sensitive data.
AnalysisAI
Sensitive information disclosure in Splunk Enterprise (below 10.2.2 and 10.0.5) and Splunk Cloud Platform (multiple branches below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13) allows authenticated users with a role granting access to the _internal index to view session cookies and response bodies containing sensitive data logged by the platform. Cisco-reported and patched by Splunk in advisory SVD-2026-0503, the issue is a CWE-532 sensitive-data-in-logs flaw rather than a remote code execution bug, with no public exploit identified at time of analysis.
Sign in for full analysis, threat intelligence, and remediation guidance.
RemediationAI
Within 24 hours: identify all Splunk Enterprise instances below 10.2.2 and 10.0.5, and Cloud instances below 10.3.2512.8/10.2.2510.11/10.1.2507.21/10.0.2503.13; assess which systems grant _internal index access to non-administrative users. Within 7 days: deploy vendor patches (Splunk Enterprise 10.2.2, 10.0.5 or later; Splunk Cloud per branch specifications in SVD-2026-0503) and restrict _internal index access to system administrators only. …
Sign in for detailed remediation steps.
Share
External POC / Exploit Code
Leaving vuln.today