Skip to main content

Splunk Soar

1 CVEs product

Monthly

CVE-2026-20260 MEDIUM PATCH This Month

ANSI escape code injection in Splunk SOAR versions below 8.5.0 allows an unauthenticated remote attacker to embed terminal control sequences into application log files via crafted HTTP request paths. When an administrator subsequently views those logs in a terminal emulator, the escape codes may be interpreted, enabling visual output manipulation such as overwriting displayed text, hiding log entries, or altering terminal state. No public exploit code has been identified at time of analysis, and exploitation requires administrator interaction with affected log output, keeping real-world risk moderate despite the low authentication barrier.

Code Injection Splunk Splunk Soar
NVD
CVSS 3.1
4.3
EPSS
0.1%
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

ANSI escape code injection in Splunk SOAR versions below 8.5.0 allows an unauthenticated remote attacker to embed terminal control sequences into application log files via crafted HTTP request paths. When an administrator subsequently views those logs in a terminal emulator, the escape codes may be interpreted, enabling visual output manipulation such as overwriting displayed text, hiding log entries, or altering terminal state. No public exploit code has been identified at time of analysis, and exploitation requires administrator interaction with affected log output, keeping real-world risk moderate despite the low authentication barrier.

Code Injection Splunk Splunk Soar
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy