Skip to main content

Splunk

204 CVEs product

Monthly

CVE-2026-20298 MEDIUM PATCH This Month

Credential hash exposure in Splunk Enterprise and Splunk Cloud Platform allows low-privileged users - those without the 'admin' or 'power' roles - to retrieve stored credential hashes by issuing the `|rest` SPL command against the `/servicesNS/-/-/storage/passwords` endpoint, which incorrectly returns the `encr_password` field. Affected are Splunk Enterprise branches below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and multiple Splunk Cloud Platform versions. No public exploit has been identified at time of analysis and this CVE is not in CISA KEV, but the real-world impact is significant wherever Splunk stores credentials for external services such as databases, APIs, or cloud accounts.

Splunk Information Disclosure Splunk Enterprise Splunk Cloud Platform
NVD
CVSS 3.1
5.3
CVE-2026-20296 HIGH PATCH This Week

Cross-Site Request Forgery combined with SPL injection in Splunk Enterprise (below 10.4.1, 10.2.5, 10.0.8, 9.4.13) and Splunk Cloud Platform lets an attacker trick a logged-in user holding the list_deployment_server capability into unknowingly executing attacker-controlled Search Processing Language searches as the privileged splunk-system-user, exposing stored credentials and indexed data. The flaw stems from Deployment Server endpoints in Splunk Web accepting unvalidated GET requests without CSRF token checks and failing to neutralize caller input before it reaches an SPL search. No public exploit has been identified at time of analysis and it is not listed in CISA KEV.

Splunk CSRF Splunk Enterprise Splunk Cloud Platform
NVD
CVSS 3.1
8.3
CVE-2026-20297 HIGH PATCH This Week

Arbitrary file write in Splunk Enterprise (versions below 10.4.1, 10.2.5, 10.0.8, 9.4.13, 9.3.14) and Splunk Cloud Platform lets a privileged user with the edit_local_apps and install_apps capabilities abuse the app-installation workflow to write files outside the target app directory into $SPLUNK_HOME/etc/ and its subdirectories. The flaw is a path traversal (CWE-22) that can be leveraged to overwrite Splunk configuration and system files, yielding high confidentiality, integrity, and availability impact. No public exploit identified at time of analysis and it is not listed in CISA KEV.

Splunk Path Traversal Splunk Enterprise Splunk Cloud Platform
NVD
CVSS 3.1
7.2
CVE-2026-20266 CRITICAL Act Now

Authenticated command injection in Splunk AI Toolkit versions below 5.7.4 allows a user with the Splunk admin role to execute arbitrary OS commands on the underlying Splunk Enterprise host. The flaw lives in the btool configuration helper, which builds shell command strings from dynamic parameters with shell interpretation enabled. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Command Injection Splunk Splunk Ai Toolkit
NVD
CVSS 3.1
9.1
EPSS
0.5%
CVE-2026-20265 MEDIUM This Month

Outbound SSRF-class data exfiltration in Splunk AI Toolkit versions below 5.7.4 allows any low-privileged authenticated Splunk user - without admin or power roles - to redirect the AI agent's HTTP request mechanism to an attacker-controlled server. The root cause is an insecure default domain allowlist shipped with the toolkit that places no restrictions on which external domains the AI agent may contact. No public exploit code has been identified and this vulnerability is not listed in the CISA KEV catalog, but the low privilege barrier makes it broadly relevant in enterprise Splunk deployments with many standard users.

Splunk Information Disclosure Splunk Ai Toolkit
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-20258 MEDIUM PATCH This Month

Stored cross-site scripting in Splunk Enterprise (below 10.2.4, 10.0.7, 9.4.12, 9.3.13) and Splunk Cloud Platform (below 10.3.2512.11, 10.2.2510.15, 10.1.2507.23, 9.3.2411.132) allows a low-privileged authenticated user - without 'admin' or 'power' roles - to embed malicious JavaScript inside a classic dashboard HTML panel that executes in another user's browser session. Exploitation requires phishing the victim into initiating a specific browser request, and no public exploit was identified at time of analysis.

XSS Splunk Splunk Enterprise Splunk Cloud Platform
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-20253 CRITICAL POC KEV PATCH THREAT NEWS Act Now

Unauthenticated arbitrary file write in Splunk Enterprise (below 10.2.4 and 10.0.7) and Splunk Cloud Platform (below 10.4.2604.3 and 10.2.2510.14) allows remote attackers to create or truncate files on the host via an unauthenticated PostgreSQL sidecar service endpoint. The CVSS 9.8 vector (AV:N/AC:L/PR:N/UI:N) reflects trivial network exploitation, and no public exploit identified at time of analysis, though the missing-auth root cause and Splunk's high-value position in enterprise SOCs makes prompt patching warranted.

Splunk PostgreSQL Authentication Bypass Splunk Enterprise Splunk Cloud Platform
NVD VulDB GitHub
CVSS 3.1
9.8
EPSS
0.1%
Threat
5.0
CVE-2026-20260 MEDIUM PATCH This Month

ANSI escape code injection in Splunk SOAR versions below 8.5.0 allows an unauthenticated remote attacker to embed terminal control sequences into application log files via crafted HTTP request paths. When an administrator subsequently views those logs in a terminal emulator, the escape codes may be interpreted, enabling visual output manipulation such as overwriting displayed text, hiding log entries, or altering terminal state. No public exploit code has been identified at time of analysis, and exploitation requires administrator interaction with affected log output, keeping real-world risk moderate despite the low authentication barrier.

Code Injection Splunk Splunk Soar
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2026-20252 HIGH PATCH This Week

Server-side request forgery in Splunk Enterprise (below 10.2.4, 10.0.7, 9.4.12, 9.3.13) and Splunk Cloud Platform lets a low-privileged authenticated user coerce the Dashboard Studio PDF export feature into issuing HTTP requests to arbitrary internal destinations. The flaw stems from a flawed prefix-match on trusted domains plus uncritical redirect-following by the PDF export service. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

SSRF Splunk Splunk Enterprise Splunk Cloud Platform
NVD
CVSS 3.1
7.6
EPSS
0.0%
CVE-2026-20257 MEDIUM PATCH This Month

Classic dashboard style attribute injection in Splunk Enterprise and Splunk Cloud Platform enables a low-privileged authenticated user to craft panels that bypass the Trusted Domains List and exfiltrate sensitive data from a higher-privileged user's browser session. Affected branches span Splunk Enterprise below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and multiple Splunk Cloud Platform release trains. No public exploit has been identified at time of analysis, and SSVC rates current exploitation as none with partial technical impact, though the high confidentiality impact potential warrants prompt patching in environments where low-privileged users can share dashboards with administrators.

Information Disclosure Splunk Splunk Enterprise Splunk Cloud Platform
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2026-20259 MEDIUM PATCH This Month

Improper access control on the saved search ownership reassignment endpoint in Splunk Enterprise and Splunk Cloud Platform allows a highly privileged authenticated user - one whose role contains the `edit_saved_search_owner` capability - to reassign saved search ownership to users outside their authorized scope. Affected versions span Splunk Enterprise below 10.2.4 and 10.0.7, and multiple Splunk Cloud Platform branches below their respective fixed builds. No public exploit has been identified at time of analysis, and the PR:H CVSS requirement confines risk primarily to insider threats or scenarios involving compromised privileged Splunk accounts.

Splunk Authentication Bypass Splunk Enterprise Splunk Cloud Platform
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20255 MEDIUM PATCH This Month

Classic dashboard URL validation bypass in Splunk Enterprise and Splunk Cloud Platform enables low-privileged authenticated users to craft dashboards that silently exfiltrate sensitive data to attacker-controlled external servers. The flaw (CWE-20) resides in the external content dialog, which fails to enforce complete domain restrictions, allowing outbound requests to untrusted hosts when a victim interacts with the malicious dashboard. No public exploit exists and this vulnerability is not listed in CISA KEV, but the High confidentiality impact (C:H) in the CVSS vector reflects meaningful data exposure risk in environments where Splunk indexes security events, credentials, or sensitive operational logs.

Information Disclosure Splunk Splunk Enterprise Splunk Cloud Platform
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2026-20251 HIGH PATCH This Week

Remote code execution in Splunk Enterprise, Splunk Cloud Platform, and the Splunk Secure Gateway app allows a low-privileged authenticated user (without 'admin' or 'power' roles) to execute arbitrary Python on the server by abusing unsafe jsonpickle deserialization of App Key Value Store (KV Store) data. CVSS is 8.8 (network, low complexity, low privileges) and the issue is currently rated as no public exploit identified at time of analysis. The flaw is reported by Cisco and disclosed via Splunk advisory SVD-2026-0601.

Python Deserialization Splunk RCE Splunk Enterprise +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2026-20254 MEDIUM PATCH This Month

CSS injection in Splunk Enterprise and Splunk Cloud Platform classic dashboards enables credential and sensitive data exfiltration by low-privileged users targeting higher-privileged accounts. A low-privileged user (without 'admin' or 'power' roles) can craft a malicious classic dashboard containing injected CSS via inline style attributes; when a higher-privileged user views the dashboard, outbound HTTP requests are triggered to attacker-controlled external servers, bypassing the Trusted Domains restriction. No public exploit has been identified at time of analysis and the vulnerability is not listed in the CISA KEV catalog, but the C:H confidentiality impact and cross-privilege exploitation path make this a meaningful insider or compromised-account threat in environments with mixed privilege levels.

Information Disclosure Splunk Splunk Enterprise Splunk Cloud Platform
NVD VulDB
CVSS 3.1
5.7
EPSS
0.0%
CVE-2026-20256 MEDIUM PATCH This Month

Classic dashboard drill-down links in Splunk Enterprise and Splunk Cloud Platform can be weaponized by low-privileged authenticated users to silently redirect victims to attacker-controlled external sites, enabling data exfiltration. The flaw stems from an incomplete URL scheme validator that recognizes only 'http://' and 'https://' prefixes, allowing protocol-relative URLs like '//attacker.com' to bypass the external-navigation warning dialog entirely. No public exploit code exists and no active exploitation is confirmed (not in CISA KEV), but the attack requires only a low-privileged account and a single victim click, making it a realistic phishing vector in multi-tenant or large enterprise Splunk deployments.

Authentication Bypass Splunk Splunk Enterprise Splunk Cloud Platform
NVD VulDB
CVSS 3.1
5.7
EPSS
0.0%
CVE-2026-20238 MEDIUM PATCH This Month

Unauthorized data disclosure in Splunk AI Toolkit versions below 5.7.3 allows authenticated low-privileged users to bypass srchFilter-based access controls and read confidential data scoped to more restricted custom roles. The flaw stems from the Splunk platform's behavior of combining inherited search filters via the OR SPL operator, causing the permissive filter injected by the AI Toolkit's authorize.conf to override stricter filters on child roles. No active exploitation confirmed (not in CISA KEV) and no public exploit identified at time of analysis, but the CVSS confidentiality impact is rated High, making this a meaningful data exposure risk in multi-tenant or compliance-sensitive Splunk deployments.

Authentication Bypass Splunk
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-20239 HIGH PATCH This Week

Sensitive information disclosure in Splunk Enterprise (below 10.2.2 and 10.0.5) and Splunk Cloud Platform (multiple branches below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13) allows authenticated users with a role granting access to the `_internal` index to view session cookies and response bodies containing sensitive data logged by the platform. Cisco-reported and patched by Splunk in advisory SVD-2026-0503, the issue is a CWE-532 sensitive-data-in-logs flaw rather than a remote code execution bug, with no public exploit identified at time of analysis.

Information Disclosure Splunk
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-20240 MEDIUM PATCH This Month

Denial of Service in Splunk Enterprise and Splunk Cloud Platform allows a low-privileged authenticated user to render the entire instance non-functional by exploiting missing input validation in the `coldToFrozen.sh` script bundled with the `splunk_archiver` app. The script accepts arbitrary file paths and renames them without restricting operations to safe directories, enabling renaming of critical Splunk system directories. No public exploit or CISA KEV listing has been identified at time of analysis, but the low privilege requirement (PR:L per CVSS) makes this actionable for any authenticated non-admin user in multi-tenant or enterprise deployments. A vendor patch is available via advisory SVD-2026-0504.

Denial Of Service Splunk
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-7589 MEDIUM POC This Month

Path traversal in the CSV Export endpoint of ghantakiran's splunk-mcp-integration allows remote unauthenticated attackers to access arbitrary files on the server by manipulating the job_name parameter in the create_csv_export function. The vulnerability affects all versions up to commit 0b86b09d5e5adf0433acd43c975951224613a1a6, with publicly available exploit code disclosed via GitHub issue; no vendor patch has been released despite early notification.

Path Traversal Splunk
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-20166 MEDIUM This Month

Improper access control in the Discover Splunk Observability Cloud app allows low-privileged users without admin or power roles to retrieve Observability Cloud API access tokens in Splunk Enterprise versions below 10.2.1/10.0.4 and Splunk Cloud Platform versions below 10.2.2510.5/10.1.2507.16/10.0.2503.12. An attacker with low-level credentials could leverage this to obtain API tokens for unauthorized access to Observability Cloud resources. No patch is currently available.

Information Disclosure Splunk Splunk Cloud Platform
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-20165 MEDIUM This Month

Improper access control in Splunk Enterprise and Cloud Platform versions below specified thresholds allows low-privileged users without admin or power roles to extract sensitive information from job search logs through the MongoClient logging channel. Affected versions include Enterprise 10.2.1, 10.0.4, 9.4.9, and 9.3.10, as well as corresponding Cloud Platform releases. No patch is currently available for this medium-severity vulnerability.

Information Disclosure Splunk Splunk Cloud Platform
NVD VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-20164 MEDIUM This Month

Splunk Enterprise and Cloud Platform versions below specified thresholds fail to properly restrict access to the passwords configuration API endpoint, allowing low-privileged users without admin or power roles to retrieve hashed or plaintext credential values from passwords.conf. This information disclosure vulnerability could enable attackers to obtain sensitive authentication credentials for further system compromise. No patch is currently available.

Information Disclosure Splunk Splunk Cloud Platform
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-20163 HIGH This Week

Arbitrary shell command execution in Splunk Enterprise and Cloud Platform allows authenticated users with the edit_cmd capability to inject commands through the unarchive_cmd parameter in the preview upload endpoint. Affected versions include Splunk Enterprise below 10.2.0, 10.0.4, 9.4.9, and 9.3.10, as well as corresponding Cloud Platform versions. An attacker with high-privilege roles could achieve remote code execution on vulnerable systems, though no patch is currently available.

Command Injection Splunk Splunk Cloud Platform
NVD VulDB
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-20162 MEDIUM This Month

Stored XSS via path traversal in Splunk Enterprise and Cloud Platform allows low-privileged users to inject malicious JavaScript into Views, compromising any user who visits the affected page. An attacker must socially engineer a victim into initiating the malicious request, but no special privileges or user interaction beyond initial page load is required. Affected versions include Splunk Enterprise below 10.2.0, 10.0.3, 9.4.9, and 9.3.9, with no patch currently available.

XSS Path Traversal Splunk Splunk Cloud Platform
NVD VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-20144 MEDIUM This Month

Splunk Enterprise and Splunk Cloud Platform deployments expose SAML authentication configurations in plaintext logs accessible to users with Search Head Cluster administrative roles and _internal index access, allowing credential and authentication extension disclosure. Affected versions include Splunk Enterprise below 10.2.0, 10.0.2, 9.4.7, 9.3.8, and 9.2.11, as well as Splunk Cloud Platform versions below 10.2.2510.0, 10.1.2507.11, 10.0.2503.9, and 9.3.2411.120. No patch is currently available for this medium-severity vulnerability.

Information Disclosure Splunk Splunk Cloud Platform
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-20142 MEDIUM This Month

Splunk Enterprise versions before 10.2.0, 10.0.2, 9.4.7, 9.3.9, and 9.2.11 expose RSA access keys in plain text within the Authentication.conf file to users with access to the _internal index on Search Head Cluster deployments. A privileged user with appropriate role permissions could read these sensitive credentials, compromising authentication security. No patch is currently available for this medium-severity vulnerability.

Information Disclosure Splunk
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-20141 MEDIUM This Month

Improper access control in Splunk Enterprise versions below 9.3.9, 9.4.8, and 10.0.2 allows low-privileged users without admin roles to access the Monitoring Console App endpoints, enabling unauthorized disclosure of sensitive information. The vulnerability affects only on-premises Splunk Enterprise deployments and does not impact Splunk Cloud Platform instances. No patch is currently available.

Information Disclosure Splunk
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-20139 MEDIUM This Month

Client-side denial-of-service in Splunk Enterprise and Splunk Cloud Platform allows low-privileged users to inject malicious payloads through user profile parameters in the authentication REST API endpoint, causing significant page load delays or temporary unresponsiveness of the Splunk Web interface. Affected versions include Splunk Enterprise below 10.2.0, 10.0.2, 9.4.8, 9.3.9, and 9.2.12, and Splunk Cloud Platform below 10.2.2510.3, 10.1.2507.8, 10.0.2503.9, and 9.3.2411.121. No patch is currently available for this vulnerability.

Denial Of Service Splunk Cloud Platform Splunk
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-20138 MEDIUM This Month

Splunk Search Head Cluster deployments below versions 10.2.0, 10.0.2, 9.4.7, 9.3.9, and 9.2.11 expose Duo Two-Factor Authentication secrets (integrationKey, secretKey, appSecretKey) in plain text to users with access to the _internal index and appropriate roles. An authenticated attacker with these privileges could retrieve sensitive credentials and compromise Duo authentication controls for the Splunk environment. No patch is currently available for this vulnerability.

Information Disclosure Splunk
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-20137 LOW Monitor

In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.5, 9.3.7, and 9.2.9, and Splunk Cloud Platform versions below 10.1.2507.0, 10.0.2503.9, 9.3.2411.112, and 9.3.2408.122, a low-privileged user who does not hold the "admin" or "power" Splunk roles could bypass the SPL safeguards for risky commands when they create a Data Model that contains an injected SPL query within an object. [CVSS 3.5 LOW]

Path Traversal Splunk Splunk Cloud Platform
NVD
CVSS 3.1
3.5
EPSS
0.0%
CVE-2025-20389 MEDIUM PATCH This Month

In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and versions below 3.9.10, 3.8.58 and 3.7.28 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through the `label` column field after adding a new device in the Splunk Secure Gateway app. This could potentially lead to a client-side denial of service (DoS).

Denial Of Service Splunk Splunk Secure Gateway Splunk Cloud Platform
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-20388 LOW PATCH Monitor

In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.4, 10.0.2503.7, and 9.3.2411.116, a user who holds a role that contains the high privilege capability `change_authentication` could enumerate internal IP addresses and network ports when adding new search peers to a Splunk search head in a distributed environment.

SSRF Splunk
NVD
CVSS 3.1
2.7
EPSS
0.0%
CVE-2025-20387 HIGH PATCH This Week

In Splunk Universal Forwarder for Windows versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, a new installation of or an upgrade to an affected version can result in incorrect permissions assignment in the Universal Forwarder for Windows Installation directory. This lets non-administrator users on the machine access the directory and all its contents.

Microsoft Information Disclosure Splunk Windows
NVD
CVSS 3.1
8.0
EPSS
0.0%
CVE-2025-20386 HIGH PATCH This Week

In Splunk Enterprise for Windows versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, a new installation of or an upgrade to an affected version can result in incorrect permissions assignment in the Splunk Enterprise for Windows Installation directory. This lets non-administrator users on the machine access the directory and all its contents.

Microsoft Information Disclosure Splunk Windows
NVD
CVSS 3.1
8.0
EPSS
0.0%
CVE-2025-20385 LOW PATCH Monitor

In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.6, 10.0.2503.7, and 9.3.2411.117, a user who holds a role with a high privilege capability `admin_all_objects` could craft a malicious payload through the href attribute of an anchor tag within a collection in the navigation bar, which could result in execution of unauthorized JavaScript code in the browser of a user.

XSS Splunk
NVD
CVSS 3.1
2.4
EPSS
0.0%
CVE-2025-20384 MEDIUM PATCH This Month

A security vulnerability in Splunk Enterprise (CVSS 5.3) that allows them. Remediation should follow standard vulnerability management procedures.

Information Disclosure Splunk Splunk Cloud Platform
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-20383 MEDIUM PATCH This Month

In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and below 3.9.10, 3.8.58, and 3.7.28 of Splunk Secure Gateway app in Splunk Cloud Platform, a low-privileged user that does not hold the "admin" or "power" Splunk roles and subscribes to mobile push notifications could receive notifications that disclose the title and description of the report or alert even if they do not have access to view the report or alert.

Information Disclosure Splunk Splunk Secure Gateway Splunk Cloud Platform
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-20382 LOW PATCH Monitor

In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.10, 10.0.2503.8, and 9.3.2411.120, a low-privileged user that does not hold the "admin" or "power" Splunk roles could create a views dashboard with a custom background using the `data:image/png;base64` protocol that could potentially lead to an unvalidated redirect. This behavior circumvents the Splunk external URL warning mechanism by using a specially crafted URL, allowing for a redirection to an external malicious site. The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The authenticated user should not be able to exploit the vulnerability at will.

Open Redirect Splunk
NVD
CVSS 3.1
3.5
EPSS
0.0%
CVE-2025-20379 LOW Monitor

In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, and 9.2.9 and Splunk Cloud Platform versions below 9.3.2411.116, 9.3.2408.124, 10.0.2503.5 and 10.1.2507.1, a low-privileged user that does. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Splunk Splunk Cloud Platform
NVD
CVSS 3.1
3.5
EPSS
0.0%
CVE-2025-20378 LOW Monitor

In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, 9.2.9, and Splunk Cloud Platform versions below 10.0.2503.5, 9.3.2411.111, and 9.3.2408.121, an unauthenticated attacker could craft a. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Open Redirect Splunk Splunk Cloud Platform
NVD
CVSS 3.1
3.1
EPSS
0.1%
CVE-2025-20371 HIGH PATCH This Week

In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6 and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.109, 9.3.2408.119 and 9.2.2406.122, an unauthenticated attacker could trigger a blind server-side request forgery (SSRF) potentially letting an attacker perform REST API calls on behalf of an authenticated high-privileged user.

SSRF Splunk Splunk Cloud Platform
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-20370 MEDIUM PATCH This Month

In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a user who holds a role that contains the high-privilege capability `change_authentication`, could send multiple LDAP bind requests to a specific internal endpoint, resulting in high server CPU usage, which could potentially lead to a denial of service (DoS) until the Splunk Enterprise instance is restarted. See https://help.splunk.com/en/splunk-enterprise/administer/manage-users-and-security/10.0/manage-splunk-platform-users-and-roles/define-roles-on-the-splunk-platform-with-capabilities and https://help.splunk.com/en/splunk-enterprise/administer/manage-users-and-security/10.0/use-ldap-as-an-authentication-scheme/configure-ldap-with-splunk-web#cfe47e31_007f_460d_8b3d_8505ffc3f0dd__Configure_LDAP_with_Splunk_Web for more information.

Denial Of Service Splunk Cloud Platform Splunk
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-20369 MEDIUM PATCH This Month

In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a low privilege user that does not hold the "admin" or "power" Splunk roles could perform an extensible markup language (XML) external entity (XXE) injection through the dashboard tab label field. The XXE injection has the potential to cause denial of service (DoS) attacks.

XXE Denial Of Service Splunk Cloud Platform Splunk
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2025-20368 MEDIUM PATCH This Month

In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a low privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through the error messages and job inspection details of a saved search. This could result in execution of unauthorized JavaScript code in the browser of a user.

XSS Splunk Splunk Cloud Platform
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2025-20367 MEDIUM PATCH This Month

In Splunk Enterprise versions below 9.4.4, 9.3.6 and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.109, 9.3.2408.119 and 9.2.2406.122, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could craft a malicious payload through the `dataset.command` parameter of the `/app/search/table` endpoint, which could result in execution of unauthorized JavaScript code in the browser of a user.

XSS Splunk Cloud Platform Splunk
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2025-20366 MEDIUM PATCH This Month

In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.111, 9.3.2408.119, and 9.2.2406.122, a low-privileged user that does not hold the admin or power Splunk roles could access sensitive search results if Splunk Enterprise runs an administrative search job in the background. If the low privileged user guesses the search job’s unique Search ID (SID), the user could retrieve the results of that job, potentially exposing sensitive search results. For more information see https://help.splunk.com/en/splunk-enterprise/search/search-manual/10.0/manage-jobs/about-jobs-and-job-management and https://help.splunk.com/en/splunk-enterprise/search/search-manual/10.0/manage-jobs/manage-search-jobs.

Authentication Bypass Splunk Splunk Cloud Platform
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-20325 LOW PATCH Monitor

In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.103, 9.3.2408.113, and 9.2.2406.119, the software potentially exposes the search head cluster [splunk.secret](https://help.splunk.com/en/splunk-enterprise/administer/manage-users-and-security/9.4/install-splunk-enterprise-securely/deploy-secure-passwords-across-multiple-servers) key. This exposure could happen if you have a Search Head cluster and you configure the Splunk Enterprise `SHCConfig` log channel at the DEBUG logging level in the clustered deployment. <br><br>The vulnerability would require either local access to the log files or administrative access to internal indexes, which by default only the admin role receives. Review roles and capabilities on your instance and restrict internal index access to administrator-level roles. <br><br>See [Define roles on the Splunk platform with capabilities](https://docs.splunk.com/Documentation/Splunk/latest/Security/Rolesandcapabilities), [Deploy a search head cluster](https://help.splunk.com/en/splunk-enterprise/administer/distributed-search/9.4/deploy-search-head-clustering/deploy-a-search-head-cluster), [Deploy secure passwords across multiple servers](https://help.splunk.com/en/splunk-enterprise/administer/manage-users-and-security/9.4/install-splunk-enterprise-securely/deploy-secure-passwords-across-multiple-servers) and [Set a security key for the search head cluster](https://help.splunk.com/splunk-enterprise/administer/distributed-search/9.4/configure-search-head-clustering/set-a-security-key-for-the-search-head-cluster#id_2c54937a_736c_47b5_9485_67e9e390acfa__Set_a_security_key_for_the_search_head_cluster) for more information.

Information Disclosure Splunk
NVD
CVSS 3.1
3.1
EPSS
0.0%
CVE-2025-20324 MEDIUM PATCH This Month

In Splunk Enterprise versions below 9.4.2, 9.3.5, 9.2.7, and 9.1.10 and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.113, and 9.2.2406.119, a low-privileged user that does not hold the "admin" or "power" Splunk roles could create or overwrite [system source type](https://help.splunk.com/en/splunk-enterprise/get-started/get-data-in/9.2/configure-source-types/create-source-types) configurations by sending a specially-crafted payload to the `/servicesNS/nobody/search/admin/sourcetypes/` REST endpoint on the Splunk management port.

Authentication Bypass Splunk Splunk Cloud Platform
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-20323 MEDIUM PATCH This Month

In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, a low-privileged user that does not hold the "admin" or "power" Splunk roles could turn off the scheduled search `Bucket Copy Trigger` within the Splunk Archiver application. This is because of missing access controls in the saved searches for this app.

Authentication Bypass Splunk
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-20322 MEDIUM PATCH This Month

In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.113, and 9.2.2406.119, an unauthenticated attacker could send a specially-crafted SPL search command that could trigger a rolling restart in the Search Head Cluster through a Cross-Site Request Forgery (CSRF), potentially leading to a denial of service (DoS).<br><br>The vulnerability requires the attacker to phish the administrator-level victim by tricking them into initiating a request within their browser. The attacker should not be able to exploit the vulnerability at will.<br><br>See [How rolling restart works](https://docs.splunk.com/Documentation/Splunk/9.4.2/DistSearch/RestartSHC) for more information.

CSRF Denial Of Service Splunk Cloud Platform Splunk
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-20321 MEDIUM PATCH This Month

In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7 and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.114, and 9.2.2406.119, an unauthenticated attacker can send a specially-crafted SPL search that could change the membership state in a Splunk Search Head Cluster (SHC) through a Cross-Site Request Forgery (CSRF), potentially leading to the removal of the captain or a member of the SHC.<br><br>The vulnerability requires the attacker to phish the administrator-level victim by tricking them into initiating a request within their browser. The attacker should not be able to exploit the vulnerability at will.

CSRF Splunk Splunk Cloud Platform
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-20320 MEDIUM PATCH This Month

In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7 and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.107, 9.3.2408.117, and 9.2.2406.121, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through the `User Interface - Views` configuration page that could potentially lead to a denial of service (DoS).The user could cause the DoS by exploiting a path traversal vulnerability that allows for deletion of arbitrary files within a Splunk directory. The vulnerability requires the low-privileged user to phish the administrator-level victim by tricking them into initiating a request within their browser. The low-privileged user should not be able to exploit the vulnerability at will.

Denial Of Service Path Traversal Splunk Cloud Platform Splunk
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-20319 MEDIUM PATCH This Month

In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, a user who holds a role that contains the high-privilege capability `edit_scripted` and `list_inputs` capability , could perform a remote command execution due to improper user input sanitization on the scripted input files.<br><br>See [Define roles on the Splunk platform with capabilities](https://docs.splunk.com/Documentation/Splunk/latest/Security/Rolesandcapabilities) and [Setting up a scripted input ](https://docs.splunk.com/Documentation/Splunk/9.4.2/AdvancedDev/ScriptSetup)for more information.

Command Injection Splunk
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2025-20300 MEDIUM PATCH This Month

In Splunk Enterprise versions below 9.4.2, 9.3.5, 9.2.6, and 9.1.9 and Splunk Cloud Platform versions below 9.3.2411.103, 9.3.2408.112, and 9.2.2406.119, a low-privileged user that does not hold the "admin" or "power" Splunk roles, and has read-only access to a specific alert, could suppress that alert when it triggers. See [Define alert suppression groups to throttle sets of similar alerts](https://help.splunk.com/en/splunk-enterprise/alert-and-respond/alerting-manual/9.4/manage-alert-trigger-conditions-and-throttling/define-alert-suppression-groups-to-throttle-sets-of-similar-alerts).

Authentication Bypass Splunk Splunk Cloud Platform
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-20298 HIGH PATCH This Week

Privilege escalation vulnerability in Splunk Universal Forwarder for Windows where incorrect file system permissions are assigned during installation or upgrade, allowing non-administrator users to read and modify sensitive files in the installation directory. This affects versions below 9.4.2, 9.3.4, 9.2.6, and 9.1.9, and could enable unauthorized access to credentials, configuration files, and system monitoring data. While CVSS 8.0 indicates high severity, real-world exploitation requires local access and user interaction (UI requirement per vector), limiting attack scope.

Splunk Windows Microsoft Privilege Escalation Information Disclosure +1
NVD
CVSS 3.1
8.0
EPSS
0.1%
CVE-2025-20297 MEDIUM PATCH This Month

In Splunk Enterprise versions below 9.4.2, 9.3.4 and 9.2.6, and Splunk Cloud Platform versions below 9.3.2411.102, 9.3.2408.111 and 9.2.2406.118, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through the pdfgen/render REST endpoint that could result in execution of unauthorized JavaScript code in the browser of a user.

XSS Splunk Splunk Cloud Platform
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-20230 MEDIUM This Month

In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and versions below 3.8.38 and 3.7.23 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Splunk Splunk Secure Gateway
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-20233 LOW Monitor

In the Splunk App for Lookup File Editing versions below 4.0.5, a script in the app used the `chmod` and `makedirs` Python functions in a way that resulted in overly broad read and execute. Rated low severity (CVSS 2.5). No vendor patch available.

Python Information Disclosure Splunk App For Lookup File Editing Splunk
NVD
CVSS 3.1
2.5
EPSS
0.0%
CVE-2025-20232 MEDIUM This Month

In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.3.2408.103, 9.2.2406.108, 9.2.2403.113, 9.1.2312.208 and 9.1.2308.212, a low-privileged user. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Splunk Splunk Cloud Platform
NVD
CVSS 3.1
5.7
EPSS
0.1%
CVE-2025-20231 HIGH This Week

In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and versions below 3.8.38 and 3.7.23 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Splunk Splunk Secure Gateway
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-20229 HIGH CERT-EU This Week

In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.104, 9.2.2406.108, 9.2.2403.114, and 9.1.2312.208, a low-privileged user that does not. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Authentication Bypass File Upload Splunk Splunk Cloud Platform
NVD
CVSS 3.1
8.0
EPSS
0.7%
CVE-2025-20228 MEDIUM This Month

In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.2.2403.108, and 9.1.2312.204, a low-privileged user that does not hold the "admin" or "power". Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Splunk Splunk Cloud Platform
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-20227 MEDIUM This Month

In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.107, 9.2.2406.112, 9.2.2403.115, 9.1.2312.208 and 9.1.2308.214, a low-privileged. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Splunk Splunk Cloud Platform
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-20226 MEDIUM This Month

In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.3.2408.107, 9.2.2406.111, and 9.1.2308.214, a low-privileged user that does not hold the. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Splunk Splunk Cloud Platform
NVD
CVSS 3.1
5.7
EPSS
0.1%
CVE-2025-22621 MEDIUM This Month

In versions 1.0.67 and lower of the Splunk App for SOAR, the Splunk documentation for that app recommended adding the `admin_all_objects` capability to the `splunk_app_soar` role. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Splunk
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-53247 HIGH This Week

In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7, and versions below 3.4.261 and 3.7.13 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Splunk
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-53246 HIGH This Week

In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.3.2408.101, 9.2.2406.106, 9.2.2403.111, and 9.1.2312.206, an SPL command can potentially. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Splunk Splunk Cloud Platform
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-53245 MEDIUM This Month

In Splunk Enterprise versions below 9.3.0, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.1.2312.206, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles, that. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Splunk Splunk Cloud Platform
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-53244 MEDIUM This Month

In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.2.2406.107, 9.2.2403.109, and 9.1.2312.206, a low-privileged user that does not hold the “admin“. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Splunk Splunk Cloud Platform
NVD
CVSS 3.1
5.7
EPSS
0.5%
CVE-2024-53243 MEDIUM This Month

In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and versions below 3.2.462, 3.7.18, and 3.8.5 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Splunk
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-45741 MEDIUM This Month

In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108 and 9.1.2312.205, a low-privileged user that does not hold the "admin" or "power" Splunk. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Splunk Splunk Cloud Platform
NVD
CVSS 3.1
5.4
EPSS
12.9%
CVE-2024-45740 MEDIUM This Month

In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Splunk Splunk Cloud Platform
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-45739 MEDIUM This Month

In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes plaintext passwords for local native authentication Splunk users. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Splunk
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2024-45738 MEDIUM This Month

In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes sensitive HTTP parameters to the `_internal` index. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Splunk
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2024-45737 LOW Monitor

In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108, and 9.1.2312.204, a low-privileged user that does not hold the "admin" or "power". Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Splunk Splunk Cloud Platform
NVD
CVSS 3.1
3.5
EPSS
0.2%
CVE-2024-45736 MEDIUM This Month

In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.107, 9.1.2312.204, and 9.1.2312.111, a low-privileged user that does not hold the "admin". Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Splunk Splunk Cloud Platform
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-45735 MEDIUM This Month

In Splunk Enterprise versions below 9.2.3 and 9.1.6, and Splunk Secure Gateway versions on Splunk Cloud Platform versions below 3.4.259, 3.6.17, and 3.7.0, a low-privileged user that does not hold. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Splunk Splunk Cloud Platform
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-45734 MEDIUM This Month

In Splunk Enterprise versions 9.3.0, 9.2.3, and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could view images on the machine that runs Splunk Enterprise by. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Splunk
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-45733 HIGH This Week

In Splunk Enterprise for Windows versions below 9.2.3 and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a Remote Code Execution (RCE) due to an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Splunk Microsoft
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-45732 MEDIUM This Month

In Splunk Enterprise versions below 9.3.1, and 9.2.0 versions below 9.2.3, and Splunk Cloud Platform versions below 9.2.2403.103, 9.1.2312.200, 9.1.2312.110 and 9.1.2308.208, a low-privileged user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Splunk Splunk Cloud Platform
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-45731 HIGH This Week

In Splunk Enterprise for Windows versions below 9.3.1, 9.2.3, and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could write a file to the Windows system root. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Splunk Information Disclosure Microsoft
NVD
CVSS 3.1
8.0
EPSS
0.5%
CVE-2024-36997 HIGH This Week

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312, an admin user could store and execute arbitrary JavaScript code in the browser context. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Splunk Splunk Cloud Platform
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2024-36996 MEDIUM This Month

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109, an attacker could determine whether or not another user exists on the instance by. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Splunk Splunk Cloud Platform
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-36995 LOW Monitor

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Splunk Splunk Cloud Platform
NVD
CVSS 3.1
3.5
EPSS
0.2%
CVE-2024-36994 MEDIUM This Month

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Splunk Splunk Cloud Platform
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-36993 MEDIUM POC This Month

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Splunk Splunk Cloud Platform
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-36992 MEDIUM This Month

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Splunk Splunk Cloud Platform
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-36991 HIGH POC THREAT This Week

In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Splunk Path Traversal Microsoft
NVD
CVSS 3.1
7.5
EPSS
13.1%
CVE-2024-36990 MEDIUM POC This Month

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.2.2403.100, an authenticated, low-privileged user that does not hold the admin or power Splunk. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Splunk Splunk Cloud Platform
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-36989 MEDIUM This Month

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, a low-privileged user that does not hold the admin or power Splunk roles could. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Splunk Cloud
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVSS 5.3
MEDIUM PATCH This Month

Credential hash exposure in Splunk Enterprise and Splunk Cloud Platform allows low-privileged users - those without the 'admin' or 'power' roles - to retrieve stored credential hashes by issuing the `|rest` SPL command against the `/servicesNS/-/-/storage/passwords` endpoint, which incorrectly returns the `encr_password` field. Affected are Splunk Enterprise branches below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and multiple Splunk Cloud Platform versions. No public exploit has been identified at time of analysis and this CVE is not in CISA KEV, but the real-world impact is significant wherever Splunk stores credentials for external services such as databases, APIs, or cloud accounts.

Splunk Information Disclosure Splunk Enterprise +1
NVD
CVSS 8.3
HIGH PATCH This Week

Cross-Site Request Forgery combined with SPL injection in Splunk Enterprise (below 10.4.1, 10.2.5, 10.0.8, 9.4.13) and Splunk Cloud Platform lets an attacker trick a logged-in user holding the list_deployment_server capability into unknowingly executing attacker-controlled Search Processing Language searches as the privileged splunk-system-user, exposing stored credentials and indexed data. The flaw stems from Deployment Server endpoints in Splunk Web accepting unvalidated GET requests without CSRF token checks and failing to neutralize caller input before it reaches an SPL search. No public exploit has been identified at time of analysis and it is not listed in CISA KEV.

Splunk CSRF Splunk Enterprise +1
NVD
CVSS 7.2
HIGH PATCH This Week

Arbitrary file write in Splunk Enterprise (versions below 10.4.1, 10.2.5, 10.0.8, 9.4.13, 9.3.14) and Splunk Cloud Platform lets a privileged user with the edit_local_apps and install_apps capabilities abuse the app-installation workflow to write files outside the target app directory into $SPLUNK_HOME/etc/ and its subdirectories. The flaw is a path traversal (CWE-22) that can be leveraged to overwrite Splunk configuration and system files, yielding high confidentiality, integrity, and availability impact. No public exploit identified at time of analysis and it is not listed in CISA KEV.

Splunk Path Traversal Splunk Enterprise +1
NVD
EPSS 0% CVSS 9.1
CRITICAL Act Now

Authenticated command injection in Splunk AI Toolkit versions below 5.7.4 allows a user with the Splunk admin role to execute arbitrary OS commands on the underlying Splunk Enterprise host. The flaw lives in the btool configuration helper, which builds shell command strings from dynamic parameters with shell interpretation enabled. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Command Injection Splunk Splunk Ai Toolkit
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Outbound SSRF-class data exfiltration in Splunk AI Toolkit versions below 5.7.4 allows any low-privileged authenticated Splunk user - without admin or power roles - to redirect the AI agent's HTTP request mechanism to an attacker-controlled server. The root cause is an insecure default domain allowlist shipped with the toolkit that places no restrictions on which external domains the AI agent may contact. No public exploit code has been identified and this vulnerability is not listed in the CISA KEV catalog, but the low privilege barrier makes it broadly relevant in enterprise Splunk deployments with many standard users.

Splunk Information Disclosure Splunk Ai Toolkit
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Stored cross-site scripting in Splunk Enterprise (below 10.2.4, 10.0.7, 9.4.12, 9.3.13) and Splunk Cloud Platform (below 10.3.2512.11, 10.2.2510.15, 10.1.2507.23, 9.3.2411.132) allows a low-privileged authenticated user - without 'admin' or 'power' roles - to embed malicious JavaScript inside a classic dashboard HTML panel that executes in another user's browser session. Exploitation requires phishing the victim into initiating a specific browser request, and no public exploit was identified at time of analysis.

XSS Splunk Splunk Enterprise +1
NVD VulDB
EPSS 0% 5.0 CVSS 9.8
CRITICAL POC KEV PATCH THREAT Act Now

Unauthenticated arbitrary file write in Splunk Enterprise (below 10.2.4 and 10.0.7) and Splunk Cloud Platform (below 10.4.2604.3 and 10.2.2510.14) allows remote attackers to create or truncate files on the host via an unauthenticated PostgreSQL sidecar service endpoint. The CVSS 9.8 vector (AV:N/AC:L/PR:N/UI:N) reflects trivial network exploitation, and no public exploit identified at time of analysis, though the missing-auth root cause and Splunk's high-value position in enterprise SOCs makes prompt patching warranted.

Splunk PostgreSQL Authentication Bypass +2
NVD VulDB GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

ANSI escape code injection in Splunk SOAR versions below 8.5.0 allows an unauthenticated remote attacker to embed terminal control sequences into application log files via crafted HTTP request paths. When an administrator subsequently views those logs in a terminal emulator, the escape codes may be interpreted, enabling visual output manipulation such as overwriting displayed text, hiding log entries, or altering terminal state. No public exploit code has been identified at time of analysis, and exploitation requires administrator interaction with affected log output, keeping real-world risk moderate despite the low authentication barrier.

Code Injection Splunk Splunk Soar
NVD
EPSS 0% CVSS 7.6
HIGH PATCH This Week

Server-side request forgery in Splunk Enterprise (below 10.2.4, 10.0.7, 9.4.12, 9.3.13) and Splunk Cloud Platform lets a low-privileged authenticated user coerce the Dashboard Studio PDF export feature into issuing HTTP requests to arbitrary internal destinations. The flaw stems from a flawed prefix-match on trusted domains plus uncritical redirect-following by the PDF export service. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

SSRF Splunk Splunk Enterprise +1
NVD
EPSS 0% CVSS 5.7
MEDIUM PATCH This Month

Classic dashboard style attribute injection in Splunk Enterprise and Splunk Cloud Platform enables a low-privileged authenticated user to craft panels that bypass the Trusted Domains List and exfiltrate sensitive data from a higher-privileged user's browser session. Affected branches span Splunk Enterprise below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and multiple Splunk Cloud Platform release trains. No public exploit has been identified at time of analysis, and SSVC rates current exploitation as none with partial technical impact, though the high confidentiality impact potential warrants prompt patching in environments where low-privileged users can share dashboards with administrators.

Information Disclosure Splunk Splunk Enterprise +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Improper access control on the saved search ownership reassignment endpoint in Splunk Enterprise and Splunk Cloud Platform allows a highly privileged authenticated user - one whose role contains the `edit_saved_search_owner` capability - to reassign saved search ownership to users outside their authorized scope. Affected versions span Splunk Enterprise below 10.2.4 and 10.0.7, and multiple Splunk Cloud Platform branches below their respective fixed builds. No public exploit has been identified at time of analysis, and the PR:H CVSS requirement confines risk primarily to insider threats or scenarios involving compromised privileged Splunk accounts.

Splunk Authentication Bypass Splunk Enterprise +1
NVD
EPSS 0% CVSS 5.7
MEDIUM PATCH This Month

Classic dashboard URL validation bypass in Splunk Enterprise and Splunk Cloud Platform enables low-privileged authenticated users to craft dashboards that silently exfiltrate sensitive data to attacker-controlled external servers. The flaw (CWE-20) resides in the external content dialog, which fails to enforce complete domain restrictions, allowing outbound requests to untrusted hosts when a victim interacts with the malicious dashboard. No public exploit exists and this vulnerability is not listed in CISA KEV, but the High confidentiality impact (C:H) in the CVSS vector reflects meaningful data exposure risk in environments where Splunk indexes security events, credentials, or sensitive operational logs.

Information Disclosure Splunk Splunk Enterprise +1
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Splunk Enterprise, Splunk Cloud Platform, and the Splunk Secure Gateway app allows a low-privileged authenticated user (without 'admin' or 'power' roles) to execute arbitrary Python on the server by abusing unsafe jsonpickle deserialization of App Key Value Store (KV Store) data. CVSS is 8.8 (network, low complexity, low privileges) and the issue is currently rated as no public exploit identified at time of analysis. The flaw is reported by Cisco and disclosed via Splunk advisory SVD-2026-0601.

Python Deserialization Splunk +4
NVD VulDB
EPSS 0% CVSS 5.7
MEDIUM PATCH This Month

CSS injection in Splunk Enterprise and Splunk Cloud Platform classic dashboards enables credential and sensitive data exfiltration by low-privileged users targeting higher-privileged accounts. A low-privileged user (without 'admin' or 'power' roles) can craft a malicious classic dashboard containing injected CSS via inline style attributes; when a higher-privileged user views the dashboard, outbound HTTP requests are triggered to attacker-controlled external servers, bypassing the Trusted Domains restriction. No public exploit has been identified at time of analysis and the vulnerability is not listed in the CISA KEV catalog, but the C:H confidentiality impact and cross-privilege exploitation path make this a meaningful insider or compromised-account threat in environments with mixed privilege levels.

Information Disclosure Splunk Splunk Enterprise +1
NVD VulDB
EPSS 0% CVSS 5.7
MEDIUM PATCH This Month

Classic dashboard drill-down links in Splunk Enterprise and Splunk Cloud Platform can be weaponized by low-privileged authenticated users to silently redirect victims to attacker-controlled external sites, enabling data exfiltration. The flaw stems from an incomplete URL scheme validator that recognizes only 'http://' and 'https://' prefixes, allowing protocol-relative URLs like '//attacker.com' to bypass the external-navigation warning dialog entirely. No public exploit code exists and no active exploitation is confirmed (not in CISA KEV), but the attack requires only a low-privileged account and a single victim click, making it a realistic phishing vector in multi-tenant or large enterprise Splunk deployments.

Authentication Bypass Splunk Splunk Enterprise +1
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Unauthorized data disclosure in Splunk AI Toolkit versions below 5.7.3 allows authenticated low-privileged users to bypass srchFilter-based access controls and read confidential data scoped to more restricted custom roles. The flaw stems from the Splunk platform's behavior of combining inherited search filters via the OR SPL operator, causing the permissive filter injected by the AI Toolkit's authorize.conf to override stricter filters on child roles. No active exploitation confirmed (not in CISA KEV) and no public exploit identified at time of analysis, but the CVSS confidentiality impact is rated High, making this a meaningful data exposure risk in multi-tenant or compliance-sensitive Splunk deployments.

Authentication Bypass Splunk
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Sensitive information disclosure in Splunk Enterprise (below 10.2.2 and 10.0.5) and Splunk Cloud Platform (multiple branches below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13) allows authenticated users with a role granting access to the `_internal` index to view session cookies and response bodies containing sensitive data logged by the platform. Cisco-reported and patched by Splunk in advisory SVD-2026-0503, the issue is a CWE-532 sensitive-data-in-logs flaw rather than a remote code execution bug, with no public exploit identified at time of analysis.

Information Disclosure Splunk
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Denial of Service in Splunk Enterprise and Splunk Cloud Platform allows a low-privileged authenticated user to render the entire instance non-functional by exploiting missing input validation in the `coldToFrozen.sh` script bundled with the `splunk_archiver` app. The script accepts arbitrary file paths and renames them without restricting operations to safe directories, enabling renaming of critical Splunk system directories. No public exploit or CISA KEV listing has been identified at time of analysis, but the low privilege requirement (PR:L per CVSS) makes this actionable for any authenticated non-admin user in multi-tenant or enterprise deployments. A vendor patch is available via advisory SVD-2026-0504.

Denial Of Service Splunk
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Path traversal in the CSV Export endpoint of ghantakiran's splunk-mcp-integration allows remote unauthenticated attackers to access arbitrary files on the server by manipulating the job_name parameter in the create_csv_export function. The vulnerability affects all versions up to commit 0b86b09d5e5adf0433acd43c975951224613a1a6, with publicly available exploit code disclosed via GitHub issue; no vendor patch has been released despite early notification.

Path Traversal Splunk
NVD VulDB GitHub
EPSS 0% CVSS 5.4
MEDIUM This Month

Improper access control in the Discover Splunk Observability Cloud app allows low-privileged users without admin or power roles to retrieve Observability Cloud API access tokens in Splunk Enterprise versions below 10.2.1/10.0.4 and Splunk Cloud Platform versions below 10.2.2510.5/10.1.2507.16/10.0.2503.12. An attacker with low-level credentials could leverage this to obtain API tokens for unauthorized access to Observability Cloud resources. No patch is currently available.

Information Disclosure Splunk Splunk Cloud Platform
NVD VulDB
EPSS 0% CVSS 6.3
MEDIUM This Month

Improper access control in Splunk Enterprise and Cloud Platform versions below specified thresholds allows low-privileged users without admin or power roles to extract sensitive information from job search logs through the MongoClient logging channel. Affected versions include Enterprise 10.2.1, 10.0.4, 9.4.9, and 9.3.10, as well as corresponding Cloud Platform releases. No patch is currently available for this medium-severity vulnerability.

Information Disclosure Splunk Splunk Cloud Platform
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

Splunk Enterprise and Cloud Platform versions below specified thresholds fail to properly restrict access to the passwords configuration API endpoint, allowing low-privileged users without admin or power roles to retrieve hashed or plaintext credential values from passwords.conf. This information disclosure vulnerability could enable attackers to obtain sensitive authentication credentials for further system compromise. No patch is currently available.

Information Disclosure Splunk Splunk Cloud Platform
NVD VulDB
EPSS 0% CVSS 7.2
HIGH This Week

Arbitrary shell command execution in Splunk Enterprise and Cloud Platform allows authenticated users with the edit_cmd capability to inject commands through the unarchive_cmd parameter in the preview upload endpoint. Affected versions include Splunk Enterprise below 10.2.0, 10.0.4, 9.4.9, and 9.3.10, as well as corresponding Cloud Platform versions. An attacker with high-privilege roles could achieve remote code execution on vulnerable systems, though no patch is currently available.

Command Injection Splunk Splunk Cloud Platform
NVD VulDB
EPSS 0% CVSS 6.3
MEDIUM This Month

Stored XSS via path traversal in Splunk Enterprise and Cloud Platform allows low-privileged users to inject malicious JavaScript into Views, compromising any user who visits the affected page. An attacker must socially engineer a victim into initiating the malicious request, but no special privileges or user interaction beyond initial page load is required. Affected versions include Splunk Enterprise below 10.2.0, 10.0.3, 9.4.9, and 9.3.9, with no patch currently available.

XSS Path Traversal Splunk +1
NVD VulDB
EPSS 0% CVSS 6.8
MEDIUM This Month

Splunk Enterprise and Splunk Cloud Platform deployments expose SAML authentication configurations in plaintext logs accessible to users with Search Head Cluster administrative roles and _internal index access, allowing credential and authentication extension disclosure. Affected versions include Splunk Enterprise below 10.2.0, 10.0.2, 9.4.7, 9.3.8, and 9.2.11, as well as Splunk Cloud Platform versions below 10.2.2510.0, 10.1.2507.11, 10.0.2503.9, and 9.3.2411.120. No patch is currently available for this medium-severity vulnerability.

Information Disclosure Splunk Splunk Cloud Platform
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Splunk Enterprise versions before 10.2.0, 10.0.2, 9.4.7, 9.3.9, and 9.2.11 expose RSA access keys in plain text within the Authentication.conf file to users with access to the _internal index on Search Head Cluster deployments. A privileged user with appropriate role permissions could read these sensitive credentials, compromising authentication security. No patch is currently available for this medium-severity vulnerability.

Information Disclosure Splunk
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Improper access control in Splunk Enterprise versions below 9.3.9, 9.4.8, and 10.0.2 allows low-privileged users without admin roles to access the Monitoring Console App endpoints, enabling unauthorized disclosure of sensitive information. The vulnerability affects only on-premises Splunk Enterprise deployments and does not impact Splunk Cloud Platform instances. No patch is currently available.

Information Disclosure Splunk
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Client-side denial-of-service in Splunk Enterprise and Splunk Cloud Platform allows low-privileged users to inject malicious payloads through user profile parameters in the authentication REST API endpoint, causing significant page load delays or temporary unresponsiveness of the Splunk Web interface. Affected versions include Splunk Enterprise below 10.2.0, 10.0.2, 9.4.8, 9.3.9, and 9.2.12, and Splunk Cloud Platform below 10.2.2510.3, 10.1.2507.8, 10.0.2503.9, and 9.3.2411.121. No patch is currently available for this vulnerability.

Denial Of Service Splunk Cloud Platform Splunk
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Splunk Search Head Cluster deployments below versions 10.2.0, 10.0.2, 9.4.7, 9.3.9, and 9.2.11 expose Duo Two-Factor Authentication secrets (integrationKey, secretKey, appSecretKey) in plain text to users with access to the _internal index and appropriate roles. An authenticated attacker with these privileges could retrieve sensitive credentials and compromise Duo authentication controls for the Splunk environment. No patch is currently available for this vulnerability.

Information Disclosure Splunk
NVD
EPSS 0% CVSS 3.5
LOW Monitor

In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.5, 9.3.7, and 9.2.9, and Splunk Cloud Platform versions below 10.1.2507.0, 10.0.2503.9, 9.3.2411.112, and 9.3.2408.122, a low-privileged user who does not hold the "admin" or "power" Splunk roles could bypass the SPL safeguards for risky commands when they create a Data Model that contains an injected SPL query within an object. [CVSS 3.5 LOW]

Path Traversal Splunk Splunk Cloud Platform
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and versions below 3.9.10, 3.8.58 and 3.7.28 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through the `label` column field after adding a new device in the Splunk Secure Gateway app. This could potentially lead to a client-side denial of service (DoS).

Denial Of Service Splunk Splunk Secure Gateway +1
NVD
EPSS 0% CVSS 2.7
LOW PATCH Monitor

In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.4, 10.0.2503.7, and 9.3.2411.116, a user who holds a role that contains the high privilege capability `change_authentication` could enumerate internal IP addresses and network ports when adding new search peers to a Splunk search head in a distributed environment.

SSRF Splunk
NVD
EPSS 0% CVSS 8.0
HIGH PATCH This Week

In Splunk Universal Forwarder for Windows versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, a new installation of or an upgrade to an affected version can result in incorrect permissions assignment in the Universal Forwarder for Windows Installation directory. This lets non-administrator users on the machine access the directory and all its contents.

Microsoft Information Disclosure Splunk +1
NVD
EPSS 0% CVSS 8.0
HIGH PATCH This Week

In Splunk Enterprise for Windows versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, a new installation of or an upgrade to an affected version can result in incorrect permissions assignment in the Splunk Enterprise for Windows Installation directory. This lets non-administrator users on the machine access the directory and all its contents.

Microsoft Information Disclosure Splunk +1
NVD
EPSS 0% CVSS 2.4
LOW PATCH Monitor

In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.6, 10.0.2503.7, and 9.3.2411.117, a user who holds a role with a high privilege capability `admin_all_objects` could craft a malicious payload through the href attribute of an anchor tag within a collection in the navigation bar, which could result in execution of unauthorized JavaScript code in the browser of a user.

XSS Splunk
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

A security vulnerability in Splunk Enterprise (CVSS 5.3) that allows them. Remediation should follow standard vulnerability management procedures.

Information Disclosure Splunk Splunk Cloud Platform
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and below 3.9.10, 3.8.58, and 3.7.28 of Splunk Secure Gateway app in Splunk Cloud Platform, a low-privileged user that does not hold the "admin" or "power" Splunk roles and subscribes to mobile push notifications could receive notifications that disclose the title and description of the report or alert even if they do not have access to view the report or alert.

Information Disclosure Splunk Splunk Secure Gateway +1
NVD
EPSS 0% CVSS 3.5
LOW PATCH Monitor

In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.10, 10.0.2503.8, and 9.3.2411.120, a low-privileged user that does not hold the "admin" or "power" Splunk roles could create a views dashboard with a custom background using the `data:image/png;base64` protocol that could potentially lead to an unvalidated redirect. This behavior circumvents the Splunk external URL warning mechanism by using a specially crafted URL, allowing for a redirection to an external malicious site. The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The authenticated user should not be able to exploit the vulnerability at will.

Open Redirect Splunk
NVD
EPSS 0% CVSS 3.5
LOW Monitor

In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, and 9.2.9 and Splunk Cloud Platform versions below 9.3.2411.116, 9.3.2408.124, 10.0.2503.5 and 10.1.2507.1, a low-privileged user that does. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Splunk Splunk Cloud Platform
NVD
EPSS 0% CVSS 3.1
LOW Monitor

In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, 9.2.9, and Splunk Cloud Platform versions below 10.0.2503.5, 9.3.2411.111, and 9.3.2408.121, an unauthenticated attacker could craft a. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Open Redirect Splunk Splunk Cloud Platform
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6 and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.109, 9.3.2408.119 and 9.2.2406.122, an unauthenticated attacker could trigger a blind server-side request forgery (SSRF) potentially letting an attacker perform REST API calls on behalf of an authenticated high-privileged user.

SSRF Splunk Splunk Cloud Platform
NVD
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a user who holds a role that contains the high-privilege capability `change_authentication`, could send multiple LDAP bind requests to a specific internal endpoint, resulting in high server CPU usage, which could potentially lead to a denial of service (DoS) until the Splunk Enterprise instance is restarted. See https://help.splunk.com/en/splunk-enterprise/administer/manage-users-and-security/10.0/manage-splunk-platform-users-and-roles/define-roles-on-the-splunk-platform-with-capabilities and https://help.splunk.com/en/splunk-enterprise/administer/manage-users-and-security/10.0/use-ldap-as-an-authentication-scheme/configure-ldap-with-splunk-web#cfe47e31_007f_460d_8b3d_8505ffc3f0dd__Configure_LDAP_with_Splunk_Web for more information.

Denial Of Service Splunk Cloud Platform Splunk
NVD
EPSS 0% CVSS 4.6
MEDIUM PATCH This Month

In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a low privilege user that does not hold the "admin" or "power" Splunk roles could perform an extensible markup language (XML) external entity (XXE) injection through the dashboard tab label field. The XXE injection has the potential to cause denial of service (DoS) attacks.

XXE Denial Of Service Splunk Cloud Platform +1
NVD
EPSS 0% CVSS 5.7
MEDIUM PATCH This Month

In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a low privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through the error messages and job inspection details of a saved search. This could result in execution of unauthorized JavaScript code in the browser of a user.

XSS Splunk Splunk Cloud Platform
NVD
EPSS 0% CVSS 5.7
MEDIUM PATCH This Month

In Splunk Enterprise versions below 9.4.4, 9.3.6 and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.109, 9.3.2408.119 and 9.2.2406.122, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could craft a malicious payload through the `dataset.command` parameter of the `/app/search/table` endpoint, which could result in execution of unauthorized JavaScript code in the browser of a user.

XSS Splunk Cloud Platform Splunk
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.111, 9.3.2408.119, and 9.2.2406.122, a low-privileged user that does not hold the admin or power Splunk roles could access sensitive search results if Splunk Enterprise runs an administrative search job in the background. If the low privileged user guesses the search job’s unique Search ID (SID), the user could retrieve the results of that job, potentially exposing sensitive search results. For more information see https://help.splunk.com/en/splunk-enterprise/search/search-manual/10.0/manage-jobs/about-jobs-and-job-management and https://help.splunk.com/en/splunk-enterprise/search/search-manual/10.0/manage-jobs/manage-search-jobs.

Authentication Bypass Splunk Splunk Cloud Platform
NVD
EPSS 0% CVSS 3.1
LOW PATCH Monitor

In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.103, 9.3.2408.113, and 9.2.2406.119, the software potentially exposes the search head cluster [splunk.secret](https://help.splunk.com/en/splunk-enterprise/administer/manage-users-and-security/9.4/install-splunk-enterprise-securely/deploy-secure-passwords-across-multiple-servers) key. This exposure could happen if you have a Search Head cluster and you configure the Splunk Enterprise `SHCConfig` log channel at the DEBUG logging level in the clustered deployment. <br><br>The vulnerability would require either local access to the log files or administrative access to internal indexes, which by default only the admin role receives. Review roles and capabilities on your instance and restrict internal index access to administrator-level roles. <br><br>See [Define roles on the Splunk platform with capabilities](https://docs.splunk.com/Documentation/Splunk/latest/Security/Rolesandcapabilities), [Deploy a search head cluster](https://help.splunk.com/en/splunk-enterprise/administer/distributed-search/9.4/deploy-search-head-clustering/deploy-a-search-head-cluster), [Deploy secure passwords across multiple servers](https://help.splunk.com/en/splunk-enterprise/administer/manage-users-and-security/9.4/install-splunk-enterprise-securely/deploy-secure-passwords-across-multiple-servers) and [Set a security key for the search head cluster](https://help.splunk.com/splunk-enterprise/administer/distributed-search/9.4/configure-search-head-clustering/set-a-security-key-for-the-search-head-cluster#id_2c54937a_736c_47b5_9485_67e9e390acfa__Set_a_security_key_for_the_search_head_cluster) for more information.

Information Disclosure Splunk
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

In Splunk Enterprise versions below 9.4.2, 9.3.5, 9.2.7, and 9.1.10 and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.113, and 9.2.2406.119, a low-privileged user that does not hold the "admin" or "power" Splunk roles could create or overwrite [system source type](https://help.splunk.com/en/splunk-enterprise/get-started/get-data-in/9.2/configure-source-types/create-source-types) configurations by sending a specially-crafted payload to the `/servicesNS/nobody/search/admin/sourcetypes/` REST endpoint on the Splunk management port.

Authentication Bypass Splunk Splunk Cloud Platform
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, a low-privileged user that does not hold the "admin" or "power" Splunk roles could turn off the scheduled search `Bucket Copy Trigger` within the Splunk Archiver application. This is because of missing access controls in the saved searches for this app.

Authentication Bypass Splunk
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.113, and 9.2.2406.119, an unauthenticated attacker could send a specially-crafted SPL search command that could trigger a rolling restart in the Search Head Cluster through a Cross-Site Request Forgery (CSRF), potentially leading to a denial of service (DoS).<br><br>The vulnerability requires the attacker to phish the administrator-level victim by tricking them into initiating a request within their browser. The attacker should not be able to exploit the vulnerability at will.<br><br>See [How rolling restart works](https://docs.splunk.com/Documentation/Splunk/9.4.2/DistSearch/RestartSHC) for more information.

CSRF Denial Of Service Splunk Cloud Platform +1
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7 and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.114, and 9.2.2406.119, an unauthenticated attacker can send a specially-crafted SPL search that could change the membership state in a Splunk Search Head Cluster (SHC) through a Cross-Site Request Forgery (CSRF), potentially leading to the removal of the captain or a member of the SHC.<br><br>The vulnerability requires the attacker to phish the administrator-level victim by tricking them into initiating a request within their browser. The attacker should not be able to exploit the vulnerability at will.

CSRF Splunk Splunk Cloud Platform
NVD
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7 and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.107, 9.3.2408.117, and 9.2.2406.121, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through the `User Interface - Views` configuration page that could potentially lead to a denial of service (DoS).The user could cause the DoS by exploiting a path traversal vulnerability that allows for deletion of arbitrary files within a Splunk directory. The vulnerability requires the low-privileged user to phish the administrator-level victim by tricking them into initiating a request within their browser. The low-privileged user should not be able to exploit the vulnerability at will.

Denial Of Service Path Traversal Splunk Cloud Platform +1
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, a user who holds a role that contains the high-privilege capability `edit_scripted` and `list_inputs` capability , could perform a remote command execution due to improper user input sanitization on the scripted input files.<br><br>See [Define roles on the Splunk platform with capabilities](https://docs.splunk.com/Documentation/Splunk/latest/Security/Rolesandcapabilities) and [Setting up a scripted input ](https://docs.splunk.com/Documentation/Splunk/9.4.2/AdvancedDev/ScriptSetup)for more information.

Command Injection Splunk
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

In Splunk Enterprise versions below 9.4.2, 9.3.5, 9.2.6, and 9.1.9 and Splunk Cloud Platform versions below 9.3.2411.103, 9.3.2408.112, and 9.2.2406.119, a low-privileged user that does not hold the "admin" or "power" Splunk roles, and has read-only access to a specific alert, could suppress that alert when it triggers. See [Define alert suppression groups to throttle sets of similar alerts](https://help.splunk.com/en/splunk-enterprise/alert-and-respond/alerting-manual/9.4/manage-alert-trigger-conditions-and-throttling/define-alert-suppression-groups-to-throttle-sets-of-similar-alerts).

Authentication Bypass Splunk Splunk Cloud Platform
NVD
EPSS 0% CVSS 8.0
HIGH PATCH This Week

Privilege escalation vulnerability in Splunk Universal Forwarder for Windows where incorrect file system permissions are assigned during installation or upgrade, allowing non-administrator users to read and modify sensitive files in the installation directory. This affects versions below 9.4.2, 9.3.4, 9.2.6, and 9.1.9, and could enable unauthorized access to credentials, configuration files, and system monitoring data. While CVSS 8.0 indicates high severity, real-world exploitation requires local access and user interaction (UI requirement per vector), limiting attack scope.

Splunk Windows Microsoft +3
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

In Splunk Enterprise versions below 9.4.2, 9.3.4 and 9.2.6, and Splunk Cloud Platform versions below 9.3.2411.102, 9.3.2408.111 and 9.2.2406.118, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through the pdfgen/render REST endpoint that could result in execution of unauthorized JavaScript code in the browser of a user.

XSS Splunk Splunk Cloud Platform
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and versions below 3.8.38 and 3.7.23 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Splunk Splunk Secure Gateway
NVD
EPSS 0% CVSS 2.5
LOW Monitor

In the Splunk App for Lookup File Editing versions below 4.0.5, a script in the app used the `chmod` and `makedirs` Python functions in a way that resulted in overly broad read and execute. Rated low severity (CVSS 2.5). No vendor patch available.

Python Information Disclosure Splunk App For Lookup File Editing +1
NVD
EPSS 0% CVSS 5.7
MEDIUM This Month

In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.3.2408.103, 9.2.2406.108, 9.2.2403.113, 9.1.2312.208 and 9.1.2308.212, a low-privileged user. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Splunk Splunk Cloud Platform
NVD
EPSS 0% CVSS 7.1
HIGH This Week

In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and versions below 3.8.38 and 3.7.23 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Splunk Splunk Secure Gateway
NVD
EPSS 1% CVSS 8.0
HIGH This Week

In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.104, 9.2.2406.108, 9.2.2403.114, and 9.1.2312.208, a low-privileged user that does not. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Authentication Bypass File Upload +2
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.2.2403.108, and 9.1.2312.204, a low-privileged user that does not hold the "admin" or "power". Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Splunk Splunk Cloud Platform
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.107, 9.2.2406.112, 9.2.2403.115, 9.1.2312.208 and 9.1.2308.214, a low-privileged. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Splunk Splunk Cloud Platform
NVD
EPSS 0% CVSS 5.7
MEDIUM This Month

In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.3.2408.107, 9.2.2406.111, and 9.1.2308.214, a low-privileged user that does not hold the. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Splunk Splunk Cloud Platform
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

In versions 1.0.67 and lower of the Splunk App for SOAR, the Splunk documentation for that app recommended adding the `admin_all_objects` capability to the `splunk_app_soar` role. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Splunk
NVD
EPSS 1% CVSS 8.8
HIGH This Week

In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7, and versions below 3.4.261 and 3.7.13 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Splunk
NVD
EPSS 0% CVSS 7.5
HIGH This Week

In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.3.2408.101, 9.2.2406.106, 9.2.2403.111, and 9.1.2312.206, an SPL command can potentially. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Splunk Splunk Cloud Platform
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

In Splunk Enterprise versions below 9.3.0, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.1.2312.206, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles, that. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Splunk Splunk Cloud Platform
NVD
EPSS 0% CVSS 5.7
MEDIUM This Month

In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.2.2406.107, 9.2.2403.109, and 9.1.2312.206, a low-privileged user that does not hold the “admin“. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Splunk Splunk Cloud Platform
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and versions below 3.2.462, 3.7.18, and 3.8.5 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Splunk
NVD
EPSS 13% CVSS 5.4
MEDIUM This Month

In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108 and 9.1.2312.205, a low-privileged user that does not hold the "admin" or "power" Splunk. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Splunk Splunk Cloud Platform
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Splunk Splunk Cloud Platform
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes plaintext passwords for local native authentication Splunk users. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Splunk
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes sensitive HTTP parameters to the `_internal` index. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Splunk
NVD
EPSS 0% CVSS 3.5
LOW Monitor

In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108, and 9.1.2312.204, a low-privileged user that does not hold the "admin" or "power". Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Splunk Splunk Cloud Platform
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.107, 9.1.2312.204, and 9.1.2312.111, a low-privileged user that does not hold the "admin". Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Splunk Splunk Cloud Platform
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

In Splunk Enterprise versions below 9.2.3 and 9.1.6, and Splunk Secure Gateway versions on Splunk Cloud Platform versions below 3.4.259, 3.6.17, and 3.7.0, a low-privileged user that does not hold. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Splunk Splunk Cloud Platform
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

In Splunk Enterprise versions 9.3.0, 9.2.3, and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could view images on the machine that runs Splunk Enterprise by. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Splunk
NVD
EPSS 1% CVSS 8.8
HIGH This Week

In Splunk Enterprise for Windows versions below 9.2.3 and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a Remote Code Execution (RCE) due to an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Splunk +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

In Splunk Enterprise versions below 9.3.1, and 9.2.0 versions below 9.2.3, and Splunk Cloud Platform versions below 9.2.2403.103, 9.1.2312.200, 9.1.2312.110 and 9.1.2308.208, a low-privileged user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Splunk Splunk Cloud Platform
NVD
EPSS 1% CVSS 8.0
HIGH This Week

In Splunk Enterprise for Windows versions below 9.3.1, 9.2.3, and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could write a file to the Windows system root. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Splunk Information Disclosure Microsoft
NVD
EPSS 1% CVSS 8.1
HIGH This Week

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312, an admin user could store and execute arbitrary JavaScript code in the browser context. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Splunk Splunk Cloud Platform
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109, an attacker could determine whether or not another user exists on the instance by. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Splunk Splunk Cloud Platform
NVD
EPSS 0% CVSS 3.5
LOW Monitor

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Splunk Splunk Cloud Platform
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Splunk Splunk Cloud Platform
NVD
EPSS 0% CVSS 5.4
MEDIUM POC This Month

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Splunk Splunk Cloud Platform
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Splunk Splunk Cloud Platform
NVD
EPSS 13% CVSS 7.5
HIGH POC THREAT This Week

In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Splunk Path Traversal Microsoft
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.2.2403.100, an authenticated, low-privileged user that does not hold the admin or power Splunk. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Splunk Splunk Cloud Platform
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, a low-privileged user that does not hold the admin or power Splunk roles could. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Splunk Cloud
NVD
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy