Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-20254 (GCVE-0-2026-20254)
Vulnerability from cvelistv5 – Published: 2026-06-10 17:15 – Updated: 2026-06-10 18:27
VLAI
EPSS
Title
Information Disclosure through External Content Restriction Bypass in Splunk Enterprise
Summary
In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could craft a malicious classic dashboard that exfiltrates sensitive data to an external server when a higher-privileged user views it, bypassing the external content restriction through a Cascading Style Sheets (CSS) injection.<br><br>The Trusted Domains security check does not fully validate inline style attribute values, which can allow for outbound requests to untrusted domains and credential exfiltration when a victim views a crafted dashboard.
Severity
5.7 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Splunk | Splunk Enterprise |
Affected:
10.2 , < 10.2.4
(custom)
Affected: 10.0 , < 10.0.7 (custom) Affected: 9.4 , < 9.4.12 (custom) Affected: 9.3 , < 9.3.13 (custom) |
|
| Splunk | Splunk Cloud Platform |
Affected:
10.3.2512 , < 10.3.2512.13
(custom)
Affected: 10.2.2510 , < 10.2.2510.15 (custom) Affected: 10.1.2507 , < 10.1.2507.23 (custom) Affected: 9.3.2411 , < 9.3.2411.132 (custom) |
Date Public
2026-06-10 00:00
Credits
Fredrik Alexandersson (stok)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20254",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-10T18:26:45.451095Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-10T18:27:01.123Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Splunk Enterprise",
"vendor": "Splunk",
"versions": [
{
"lessThan": "10.2.4",
"status": "affected",
"version": "10.2",
"versionType": "custom"
},
{
"lessThan": "10.0.7",
"status": "affected",
"version": "10.0",
"versionType": "custom"
},
{
"lessThan": "9.4.12",
"status": "affected",
"version": "9.4",
"versionType": "custom"
},
{
"lessThan": "9.3.13",
"status": "affected",
"version": "9.3",
"versionType": "custom"
}
]
},
{
"product": "Splunk Cloud Platform",
"vendor": "Splunk",
"versions": [
{
"lessThan": "10.3.2512.13",
"status": "affected",
"version": "10.3.2512",
"versionType": "custom"
},
{
"lessThan": "10.2.2510.15",
"status": "affected",
"version": "10.2.2510",
"versionType": "custom"
},
{
"lessThan": "10.1.2507.23",
"status": "affected",
"version": "10.1.2507",
"versionType": "custom"
},
{
"lessThan": "9.3.2411.132",
"status": "affected",
"version": "9.3.2411",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Fredrik Alexandersson (stok)"
}
],
"datePublic": "2026-06-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the \u0027admin\u0027 or \u0027power\u0027 Splunk roles could craft a malicious classic dashboard that exfiltrates sensitive data to an external server when a higher-privileged user views it, bypassing the external content restriction through a Cascading Style Sheets (CSS) injection.\u003cbr\u003e\u003cbr\u003eThe Trusted Domains security check does not fully validate inline style attribute values, which can allow for outbound requests to untrusted domains and credential exfiltration when a victim views a crafted dashboard."
}
],
"value": "In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the \u0027admin\u0027 or \u0027power\u0027 Splunk roles could craft a malicious classic dashboard that exfiltrates sensitive data to an external server when a higher-privileged user views it, bypassing the external content restriction through a Cascading Style Sheets (CSS) injection.\u003cbr\u003e\u003cbr\u003eThe Trusted Domains security check does not fully validate inline style attribute values, which can allow for outbound requests to untrusted domains and credential exfiltration when a victim views a crafted dashboard."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-10T17:15:59.452Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2026-0604"
}
],
"source": {
"advisory": "SVD-2026-0604"
},
"title": "Information Disclosure through External Content Restriction Bypass in Splunk Enterprise"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20254",
"datePublished": "2026-06-10T17:15:59.452Z",
"dateReserved": "2025-10-08T11:59:15.401Z",
"dateUpdated": "2026-06-10T18:27:01.123Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-20254",
"date": "2026-06-15",
"epss": "0.00254",
"percentile": "0.1648"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-20254\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2026-06-10T18:16:40.887\",\"lastModified\":\"2026-06-15T15:05:42.583\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the \u0027admin\u0027 or \u0027power\u0027 Splunk roles could craft a malicious classic dashboard that exfiltrates sensitive data to an external server when a higher-privileged user views it, bypassing the external content restriction through a Cascading Style Sheets (CSS) injection.\u003cbr\u003e\u003cbr\u003eThe Trusted Domains security check does not fully validate inline style attribute values, which can allow for outbound requests to untrusted domains and credential exfiltration when a victim views a crafted dashboard.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@cisco.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N\",\"baseScore\":5.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.1,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"psirt@cisco.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*\",\"versionStartIncluding\":\"9.3.0\",\"versionEndExcluding\":\"9.3.13\",\"matchCriteriaId\":\"B9D80F1C-F849-4D62-B82A-6B8963EEEBFB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*\",\"versionStartIncluding\":\"9.4.0\",\"versionEndExcluding\":\"9.4.12\",\"matchCriteriaId\":\"423B8DF2-B7A5-41AA-9CFD-75B2FD503ACC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*\",\"versionStartIncluding\":\"10.0.0\",\"versionEndExcluding\":\"10.0.7\",\"matchCriteriaId\":\"0C9F1DED-280E-4C76-A867-A7A8FCBD1F7A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*\",\"versionStartIncluding\":\"10.2.0\",\"versionEndExcluding\":\"10.2.4\",\"matchCriteriaId\":\"E3B992C0-AD5E-43A1-BAA3-6B11FFD5D750\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.3.2411\",\"versionEndExcluding\":\"9.3.2411.132\",\"matchCriteriaId\":\"88A68C7C-BE2C-465C-812B-8F211A8AE935\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.1.2507\",\"versionEndExcluding\":\"10.1.2507.23\",\"matchCriteriaId\":\"84E3B0CD-9909-4F06-9ABE-763705D501C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.2.2510\",\"versionEndExcluding\":\"10.2.2510.15\",\"matchCriteriaId\":\"71B91525-F2D6-4699-8D6B-8D375A8785EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.3.2512\",\"versionEndExcluding\":\"10.3.2512.13\",\"matchCriteriaId\":\"6387100F-0867-4B83-8071-BA1FCE023B2F\"}]}]}],\"references\":[{\"url\":\"https://advisory.splunk.com/advisories/SVD-2026-0604\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-20254\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-06-10T18:26:45.451095Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-06-10T18:26:50.346Z\"}}], \"cna\": {\"title\": \"Information Disclosure through External Content Restriction Bypass in Splunk Enterprise\", \"source\": {\"advisory\": \"SVD-2026-0604\"}, \"credits\": [{\"lang\": \"en\", \"value\": \"Fredrik Alexandersson (stok)\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 5.7, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Splunk\", \"product\": \"Splunk Enterprise\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.2\", \"lessThan\": \"10.2.4\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"10.0\", \"lessThan\": \"10.0.7\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"9.4\", \"lessThan\": \"9.4.12\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"9.3\", \"lessThan\": \"9.3.13\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Splunk\", \"product\": \"Splunk Cloud Platform\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.3.2512\", \"lessThan\": \"10.3.2512.13\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"10.2.2510\", \"lessThan\": \"10.2.2510.15\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"10.1.2507\", \"lessThan\": \"10.1.2507.23\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"9.3.2411\", \"lessThan\": \"9.3.2411.132\", \"versionType\": \"custom\"}]}], \"datePublic\": \"2026-06-10T00:00:00.000Z\", \"references\": [{\"url\": \"https://advisory.splunk.com/advisories/SVD-2026-0604\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the \u0027admin\u0027 or \u0027power\u0027 Splunk roles could craft a malicious classic dashboard that exfiltrates sensitive data to an external server when a higher-privileged user views it, bypassing the external content restriction through a Cascading Style Sheets (CSS) injection.\u003cbr\u003e\u003cbr\u003eThe Trusted Domains security check does not fully validate inline style attribute values, which can allow for outbound requests to untrusted domains and credential exfiltration when a victim views a crafted dashboard.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the \u0027admin\u0027 or \u0027power\u0027 Splunk roles could craft a malicious classic dashboard that exfiltrates sensitive data to an external server when a higher-privileged user views it, bypassing the external content restriction through a Cascading Style Sheets (CSS) injection.\u003cbr\u003e\u003cbr\u003eThe Trusted Domains security check does not fully validate inline style attribute values, which can allow for outbound requests to untrusted domains and credential exfiltration when a victim views a crafted dashboard.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"cwe\", \"cweId\": \"CWE-20\", \"description\": \"The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.\"}]}], \"providerMetadata\": {\"orgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"shortName\": \"cisco\", \"dateUpdated\": \"2026-06-10T17:15:59.452Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-20254\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-06-10T18:27:01.123Z\", \"dateReserved\": \"2025-10-08T11:59:15.401Z\", \"assignerOrgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"datePublished\": \"2026-06-10T17:15:59.452Z\", \"assignerShortName\": \"cisco\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
CERTFR-2026-AVI-0736
Vulnerability from certfr_avis - Published: 2026-06-11 - Updated: 2026-06-11
De multiples vulnérabilités ont été découvertes dans les produits Splunk. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une falsification de requêtes côté serveur (SSRF).
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Splunk | Splunk Secure Gateway | Splunk Secure Gateway versions 3.10.x antérieures à 3.10.6 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 10.1.2507.x antérieures à 10.1.2507.23 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 9.3.x antérieures à 9.3.13 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 9.4.x antérieures à 9.4.12 | ||
| Splunk | SOAR | Splunk SOAR versions antérieures à 8.5.0 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 9.3.2411.x antérieures à 9.3.2411.132 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 10.2.2510.x antérieures à 10.2.2510.15 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 10.3.2512.x antérieures à 10.3.2512.13 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 10.0.x antérieures à 10.0.7 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 10.4.2604.x antérieures à 10.4.2604.3 | ||
| Splunk | Splunk Secure Gateway | Splunk Secure Gateway versions antérieures à 3.8.67 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 10.2.x antérieures à 10.2.4 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 10.0.2503.x antérieures à 10.0.2503.14 | ||
| Splunk | Splunk Secure Gateway | Splunk Secure Gateway versions 3.9.x antérieures à 3.9.20 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Splunk Secure Gateway versions 3.10.x ant\u00e9rieures \u00e0 3.10.6",
"product": {
"name": "Splunk Secure Gateway",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 10.1.2507.x ant\u00e9rieures \u00e0 10.1.2507.23",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 9.3.x ant\u00e9rieures \u00e0 9.3.13",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 9.4.x ant\u00e9rieures \u00e0 9.4.12",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk SOAR versions ant\u00e9rieures \u00e0 8.5.0",
"product": {
"name": "SOAR",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 9.3.2411.x ant\u00e9rieures \u00e0 9.3.2411.132",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 10.2.2510.x ant\u00e9rieures \u00e0 10.2.2510.15",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 10.3.2512.x ant\u00e9rieures \u00e0 10.3.2512.13",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 10.0.x ant\u00e9rieures \u00e0 10.0.7",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 10.4.2604.x ant\u00e9rieures \u00e0 10.4.2604.3",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Secure Gateway versions ant\u00e9rieures \u00e0 3.8.67",
"product": {
"name": "Splunk Secure Gateway",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 10.2.x ant\u00e9rieures \u00e0 10.2.4",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 10.0.2503.x ant\u00e9rieures \u00e0 10.0.2503.14",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Secure Gateway versions 3.9.x ant\u00e9rieures \u00e0 3.9.20",
"product": {
"name": "Splunk Secure Gateway",
"vendor": {
"name": "Splunk",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-20260",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20260"
},
{
"name": "CVE-2026-22701",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22701"
},
{
"name": "CVE-2025-61731",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61731"
},
{
"name": "CVE-2026-20259",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20259"
},
{
"name": "CVE-2026-2006",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2006"
},
{
"name": "CVE-2026-2005",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2005"
},
{
"name": "CVE-2026-24051",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24051"
},
{
"name": "CVE-2026-20256",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20256"
},
{
"name": "CVE-2026-20257",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20257"
},
{
"name": "CVE-2026-1703",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1703"
},
{
"name": "CVE-2026-27142",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27142"
},
{
"name": "CVE-2026-20255",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20255"
},
{
"name": "CVE-2026-20258",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20258"
},
{
"name": "CVE-2026-34480",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34480"
},
{
"name": "CVE-2025-68161",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68161"
},
{
"name": "CVE-2025-61732",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61732"
},
{
"name": "CVE-2025-68146",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68146"
},
{
"name": "CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"name": "CVE-2026-20252",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20252"
},
{
"name": "CVE-2026-1229",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1229"
},
{
"name": "CVE-2026-20254",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20254"
},
{
"name": "CVE-2025-12818",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12818"
},
{
"name": "CVE-2026-4148",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4148"
},
{
"name": "CVE-2025-8869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8869"
},
{
"name": "CVE-2025-12817",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12817"
},
{
"name": "CVE-2025-47913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47913"
},
{
"name": "CVE-2025-58181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58181"
},
{
"name": "CVE-2026-27459",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27459"
},
{
"name": "CVE-2026-4147",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4147"
},
{
"name": "CVE-2025-47914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47914"
},
{
"name": "CVE-2026-34516",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34516"
},
{
"name": "CVE-2026-27448",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27448"
},
{
"name": "CVE-2026-20251",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20251"
},
{
"name": "CVE-2026-23490",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23490"
},
{
"name": "CVE-2026-24049",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24049"
},
{
"name": "CVE-2026-2003",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2003"
},
{
"name": "CVE-2026-4358",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4358"
},
{
"name": "CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"name": "CVE-2026-20253",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20253"
},
{
"name": "CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"name": "CVE-2026-34520",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34520"
},
{
"name": "CVE-2026-2004",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2004"
},
{
"name": "CVE-2026-34477",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34477"
}
],
"initial_release_date": "2026-06-11T00:00:00",
"last_revision_date": "2026-06-11T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0736",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-06-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Splunk. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF).",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Splunk",
"vendor_advisories": [
{
"published_at": "2026-06-10",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0612",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0612"
},
{
"published_at": "2026-06-10",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0602",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0602"
},
{
"published_at": "2026-06-10",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0610",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0610"
},
{
"published_at": "2026-06-10",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0601",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0601"
},
{
"published_at": "2026-06-10",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0603",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0603"
},
{
"published_at": "2026-06-10",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0608",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0608"
},
{
"published_at": "2026-06-10",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0609",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0609"
},
{
"published_at": "2026-06-10",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0611",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0611"
},
{
"published_at": "2026-06-10",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0606",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0606"
},
{
"published_at": "2026-06-10",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0605",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0605"
},
{
"published_at": "2026-06-10",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0604",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0604"
},
{
"published_at": "2026-06-10",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0607",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0607"
}
]
}
FKIE_CVE-2026-20254
Vulnerability from fkie_nvd - Published: 2026-06-10 18:16 - Updated: 2026-06-15 15:05
Severity
Summary
In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could craft a malicious classic dashboard that exfiltrates sensitive data to an external server when a higher-privileged user views it, bypassing the external content restriction through a Cascading Style Sheets (CSS) injection.<br><br>The Trusted Domains security check does not fully validate inline style attribute values, which can allow for outbound requests to untrusted domains and credential exfiltration when a victim views a crafted dashboard.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@cisco.com | https://advisory.splunk.com/advisories/SVD-2026-0604 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| splunk | splunk | * | |
| splunk | splunk | * | |
| splunk | splunk | * | |
| splunk | splunk | * | |
| splunk | splunk_cloud_platform | * | |
| splunk | splunk_cloud_platform | * | |
| splunk | splunk_cloud_platform | * | |
| splunk | splunk_cloud_platform | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "B9D80F1C-F849-4D62-B82A-6B8963EEEBFB",
"versionEndExcluding": "9.3.13",
"versionStartIncluding": "9.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "423B8DF2-B7A5-41AA-9CFD-75B2FD503ACC",
"versionEndExcluding": "9.4.12",
"versionStartIncluding": "9.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "0C9F1DED-280E-4C76-A867-A7A8FCBD1F7A",
"versionEndExcluding": "10.0.7",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "E3B992C0-AD5E-43A1-BAA3-6B11FFD5D750",
"versionEndExcluding": "10.2.4",
"versionStartIncluding": "10.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88A68C7C-BE2C-465C-812B-8F211A8AE935",
"versionEndExcluding": "9.3.2411.132",
"versionStartIncluding": "9.3.2411",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84E3B0CD-9909-4F06-9ABE-763705D501C3",
"versionEndExcluding": "10.1.2507.23",
"versionStartIncluding": "10.1.2507",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "71B91525-F2D6-4699-8D6B-8D375A8785EE",
"versionEndExcluding": "10.2.2510.15",
"versionStartIncluding": "10.2.2510",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6387100F-0867-4B83-8071-BA1FCE023B2F",
"versionEndExcluding": "10.3.2512.13",
"versionStartIncluding": "10.3.2512",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the \u0027admin\u0027 or \u0027power\u0027 Splunk roles could craft a malicious classic dashboard that exfiltrates sensitive data to an external server when a higher-privileged user views it, bypassing the external content restriction through a Cascading Style Sheets (CSS) injection.\u003cbr\u003e\u003cbr\u003eThe Trusted Domains security check does not fully validate inline style attribute values, which can allow for outbound requests to untrusted domains and credential exfiltration when a victim views a crafted dashboard."
}
],
"id": "CVE-2026-20254",
"lastModified": "2026-06-15T15:05:42.583",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 3.6,
"source": "psirt@cisco.com",
"type": "Primary"
}
]
},
"published": "2026-06-10T18:16:40.887",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://advisory.splunk.com/advisories/SVD-2026-0604"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "psirt@cisco.com",
"type": "Primary"
}
]
}
GHSA-C58F-CC4Q-2MVJ
Vulnerability from github – Published: 2026-06-10 18:31 – Updated: 2026-06-10 18:31
VLAI
Details
In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could craft a malicious classic dashboard that exfiltrates sensitive data to an external server when a higher-privileged user views it, bypassing the external content restriction through a Cascading Style Sheets (CSS) injection.
The Trusted Domains security check does not fully validate inline style attribute values, which can allow for outbound requests to untrusted domains and credential exfiltration when a victim views a crafted dashboard.
Severity
5.7 (Medium)
{
"affected": [],
"aliases": [
"CVE-2026-20254"
],
"database_specific": {
"cwe_ids": [
"CWE-20"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-10T18:16:40Z",
"severity": "MODERATE"
},
"details": "In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the \u0027admin\u0027 or \u0027power\u0027 Splunk roles could craft a malicious classic dashboard that exfiltrates sensitive data to an external server when a higher-privileged user views it, bypassing the external content restriction through a Cascading Style Sheets (CSS) injection.\u003cbr\u003e\u003cbr\u003eThe Trusted Domains security check does not fully validate inline style attribute values, which can allow for outbound requests to untrusted domains and credential exfiltration when a victim views a crafted dashboard.",
"id": "GHSA-c58f-cc4q-2mvj",
"modified": "2026-06-10T18:31:46Z",
"published": "2026-06-10T18:31:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20254"
},
{
"type": "WEB",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0604"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
NCSC-2026-0198
Vulnerability from csaf_ncscnl - Published: 2026-06-15 08:27 - Updated: 2026-06-15 08:27Summary
Kwetsbaarheden verholpen in Splunk Enterprise en Splunk Cloud Platform
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Splunk heeft meerdere kwetsbaarheden verholpen in Splunk Enterprise en Splunk Cloud Platform.
Interpretaties: De kwetsbaarheden betreffen verschillende onderdelen van Splunk Enterprise en Splunk Cloud Platform. Splunk heeft de kwetsbaarheid met kenmerk CVE-2026-20253 in de PostgreSQL sidecar service endpoint als kritiek beoordeeld en maakt het mogelijk voor niet-geauthenticeerde gebruikers om willekeurige bestanden aan te maken of te verwijderen door het ontbreken van authenticatiecontroles.
Een andere kwetsbaarheid met kenmerk CVE-2026-20251 betreft een Remote Code Execution (RCE) via onveilige deserialisatie van KV Store data met de 'jsonpickle' Python library, waarbij laaggeprivilegieerde gebruikers zonder admin- of power-rollen code op afstand kunnen uitvoeren.
Verder zijn meerdere kwetsbaarheden vastgesteld die het mogelijk maken om gevoelige gegevens te exfiltreren via onder meer SSRF-, CSS-injectie- en XSS-aanvallen. Door onvoldoende validatie van URL’s, domeinen en gebruikersinvoer kunnen aanvallers beveiligingscontroles omzeilen, interne systemen benaderen en data buitmaken.
Oplossingen: Splunk heeft updates uitgebracht om de kwetsbaarheden in Splunk Enterprise en Splunk Cloud Platform te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans: medium
Schade: high
CWE-20: Improper Input Validation
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-284: Improper Access Control
CWE-306: Missing Authentication for Critical Function
CWE-502: Deserialization of Untrusted Data
CWE-918: Server-Side Request Forgery (SSRF)
Certain older versions of Splunk Enterprise and Splunk Cloud Platform contain a vulnerability in the PostgreSQL sidecar service endpoint that allows unauthenticated users to create or truncate arbitrary files due to missing authentication controls.
9.8 (Critical)
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Splunk / Splunk Cloud Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Splunk / Splunk Enterprise
|
vers:unknown/* | ||
|
vers:unknown/*
Splunk / Splunk Secure Gateway
|
vers:unknown/* | ||
|
vers:unknown/*
Splunk / splunk
|
vers:unknown/* |
A Remote Code Execution vulnerability in certain versions of Splunk Enterprise, Splunk Cloud Platform, and Splunk Secure Gateway allows low-privileged users to exploit unsafe deserialization of KV Store data via the 'jsonpickle' Python library.
8.8 (High)
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Splunk / Splunk Cloud Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Splunk / Splunk Enterprise
|
vers:unknown/* | ||
|
vers:unknown/*
Splunk / Splunk Secure Gateway
|
vers:unknown/* | ||
|
vers:unknown/*
Splunk / splunk
|
vers:unknown/* |
A vulnerability in Splunk Enterprise and Splunk Cloud Platform allows low-privileged users to perform server-side request forgery via the Dashboard Studio PDF export feature due to improper trusted-domain validation and automatic HTTP redirect handling.
7.6 (High)
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Splunk / Splunk Cloud Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Splunk / Splunk Enterprise
|
vers:unknown/* | ||
|
vers:unknown/*
Splunk / Splunk Secure Gateway
|
vers:unknown/* | ||
|
vers:unknown/*
Splunk / splunk
|
vers:unknown/* |
Certain versions of Splunk Enterprise and Splunk Cloud Platform contain a CSS injection vulnerability in classic dashboards that allows low-privileged users to exfiltrate sensitive data via insufficient Trusted Domains validation when viewed by higher-privileged users.
5.7 (Medium)
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Splunk / Splunk Cloud Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Splunk / Splunk Enterprise
|
vers:unknown/* | ||
|
vers:unknown/*
Splunk / Splunk Secure Gateway
|
vers:unknown/* | ||
|
vers:unknown/*
Splunk / splunk
|
vers:unknown/* |
A vulnerability in Splunk Enterprise and Splunk Cloud Platform allows low-privileged users to create malicious classic dashboards that can exfiltrate sensitive data due to incomplete URL validation in the external content dialog.
5.7 (Medium)
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Splunk / Splunk Cloud Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Splunk / Splunk Enterprise
|
vers:unknown/* | ||
|
vers:unknown/*
Splunk / Splunk Secure Gateway
|
vers:unknown/* | ||
|
vers:unknown/*
Splunk / splunk
|
vers:unknown/* |
A vulnerability in certain versions of Splunk Enterprise and Splunk Cloud Platform enables low-privileged users to exfiltrate data via protocol-relative URLs in classic dashboard drill-down links, bypassing URL validation and external-navigation warnings.
5.7 (Medium)
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Splunk / Splunk Cloud Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Splunk / Splunk Enterprise
|
vers:unknown/* | ||
|
vers:unknown/*
Splunk / Splunk Secure Gateway
|
vers:unknown/* | ||
|
vers:unknown/*
Splunk / splunk
|
vers:unknown/* |
A vulnerability in Splunk Enterprise and Splunk Cloud Platform allows low-privileged users to exfiltrate sensitive data from higher-privileged browsers via crafted dashboards exploiting insufficient style attribute validation, requiring phishing to execute.
5.7 (Medium)
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Splunk / Splunk Cloud Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Splunk / Splunk Enterprise
|
vers:unknown/* | ||
|
vers:unknown/*
Splunk / Splunk Secure Gateway
|
vers:unknown/* | ||
|
vers:unknown/*
Splunk / splunk
|
vers:unknown/* |
Certain versions of Splunk Enterprise and Splunk Cloud Platform contain an access control flaw allowing users with the `edit_saved_search_owner` capability to improperly reassign saved search ownership beyond their authorized scope.
5.5 (Medium)
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Splunk / Splunk Cloud Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Splunk / Splunk Enterprise
|
vers:unknown/* | ||
|
vers:unknown/*
Splunk / Splunk Secure Gateway
|
vers:unknown/* | ||
|
vers:unknown/*
Splunk / splunk
|
vers:unknown/* |
A vulnerability in certain versions of Splunk Enterprise and Splunk Cloud Platform allows low-privileged users to execute unauthorized JavaScript code in another user's browser via malicious HTML panels in classic dashboards.
7.1 (High)
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Splunk / Splunk Cloud Platform
|
vers:unknown/* | ||
|
vers:unknown/*
Splunk / Splunk Enterprise
|
vers:unknown/* | ||
|
vers:unknown/*
Splunk / Splunk Secure Gateway
|
vers:unknown/* | ||
|
vers:unknown/*
Splunk / splunk
|
vers:unknown/* |
References
18 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Splunk heeft meerdere kwetsbaarheden verholpen in Splunk Enterprise en Splunk Cloud Platform.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden betreffen verschillende onderdelen van Splunk Enterprise en Splunk Cloud Platform. Splunk heeft de kwetsbaarheid met kenmerk CVE-2026-20253 in de PostgreSQL sidecar service endpoint als kritiek beoordeeld en maakt het mogelijk voor niet-geauthenticeerde gebruikers om willekeurige bestanden aan te maken of te verwijderen door het ontbreken van authenticatiecontroles. \nEen andere kwetsbaarheid met kenmerk CVE-2026-20251 betreft een Remote Code Execution (RCE) via onveilige deserialisatie van KV Store data met de \u0027jsonpickle\u0027 Python library, waarbij laaggeprivilegieerde gebruikers zonder admin- of power-rollen code op afstand kunnen uitvoeren. \nVerder zijn meerdere kwetsbaarheden vastgesteld die het mogelijk maken om gevoelige gegevens te exfiltreren via onder meer SSRF-, CSS-injectie- en XSS-aanvallen. Door onvoldoende validatie van URL\u2019s, domeinen en gebruikersinvoer kunnen aanvallers beveiligingscontroles omzeilen, interne systemen benaderen en data buitmaken.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Splunk heeft updates uitgebracht om de kwetsbaarheden in Splunk Enterprise en Splunk Cloud Platform te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Missing Authentication for Critical Function",
"title": "CWE-306"
},
{
"category": "general",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "general",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0601"
},
{
"category": "external",
"summary": "Reference",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0602"
},
{
"category": "external",
"summary": "Reference",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0603"
},
{
"category": "external",
"summary": "Reference",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0604"
},
{
"category": "external",
"summary": "Reference",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0605"
},
{
"category": "external",
"summary": "Reference",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0606"
},
{
"category": "external",
"summary": "Reference",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0607"
},
{
"category": "external",
"summary": "Reference",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0608"
},
{
"category": "external",
"summary": "Reference",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0609"
}
],
"title": "Kwetsbaarheden verholpen in Splunk Enterprise en Splunk Cloud Platform",
"tracking": {
"current_release_date": "2026-06-15T08:27:12.211234Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2026-0198",
"initial_release_date": "2026-06-15T08:27:12.211234Z",
"revision_history": [
{
"date": "2026-06-15T08:27:12.211234Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "Splunk Cloud Platform"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "Splunk Enterprise"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "Splunk Secure Gateway"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-4"
}
}
],
"category": "product_name",
"name": "splunk"
}
],
"category": "vendor",
"name": "Splunk"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-20253",
"cwe": {
"id": "CWE-306",
"name": "Missing Authentication for Critical Function"
},
"notes": [
{
"category": "other",
"text": "Missing Authentication for Critical Function",
"title": "CWE-306"
},
{
"category": "description",
"text": "Certain older versions of Splunk Enterprise and Splunk Cloud Platform contain a vulnerability in the PostgreSQL sidecar service endpoint that allows unauthenticated users to create or truncate arbitrary files due to missing authentication controls.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20253 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20253.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
}
],
"title": "CVE-2026-20253"
},
{
"cve": "CVE-2026-20251",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "description",
"text": "A Remote Code Execution vulnerability in certain versions of Splunk Enterprise, Splunk Cloud Platform, and Splunk Secure Gateway allows low-privileged users to exploit unsafe deserialization of KV Store data via the \u0027jsonpickle\u0027 Python library.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20251 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20251.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
}
],
"title": "CVE-2026-20251"
},
{
"cve": "CVE-2026-20252",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"notes": [
{
"category": "other",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
},
{
"category": "description",
"text": "A vulnerability in Splunk Enterprise and Splunk Cloud Platform allows low-privileged users to perform server-side request forgery via the Dashboard Studio PDF export feature due to improper trusted-domain validation and automatic HTTP redirect handling.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20252 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20252.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
}
],
"title": "CVE-2026-20252"
},
{
"cve": "CVE-2026-20254",
"notes": [
{
"category": "description",
"text": "Certain versions of Splunk Enterprise and Splunk Cloud Platform contain a CSS injection vulnerability in classic dashboards that allows low-privileged users to exfiltrate sensitive data via insufficient Trusted Domains validation when viewed by higher-privileged users.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20254 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20254.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
}
],
"title": "CVE-2026-20254"
},
{
"cve": "CVE-2026-20255",
"notes": [
{
"category": "description",
"text": "A vulnerability in Splunk Enterprise and Splunk Cloud Platform allows low-privileged users to create malicious classic dashboards that can exfiltrate sensitive data due to incomplete URL validation in the external content dialog.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20255 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20255.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
}
],
"title": "CVE-2026-20255"
},
{
"cve": "CVE-2026-20256",
"notes": [
{
"category": "description",
"text": "A vulnerability in certain versions of Splunk Enterprise and Splunk Cloud Platform enables low-privileged users to exfiltrate data via protocol-relative URLs in classic dashboard drill-down links, bypassing URL validation and external-navigation warnings.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20256 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20256.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
}
],
"title": "CVE-2026-20256"
},
{
"cve": "CVE-2026-20257",
"notes": [
{
"category": "description",
"text": "A vulnerability in Splunk Enterprise and Splunk Cloud Platform allows low-privileged users to exfiltrate sensitive data from higher-privileged browsers via crafted dashboards exploiting insufficient style attribute validation, requiring phishing to execute.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20257 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20257.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
}
],
"title": "CVE-2026-20257"
},
{
"cve": "CVE-2026-20259",
"notes": [
{
"category": "description",
"text": "Certain versions of Splunk Enterprise and Splunk Cloud Platform contain an access control flaw allowing users with the `edit_saved_search_owner` capability to improperly reassign saved search ownership beyond their authorized scope.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20259 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20259.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
}
],
"title": "CVE-2026-20259"
},
{
"cve": "CVE-2026-20258",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "description",
"text": "A vulnerability in certain versions of Splunk Enterprise and Splunk Cloud Platform allows low-privileged users to execute unauthorized JavaScript code in another user\u0027s browser via malicious HTML panels in classic dashboards.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20258 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20258.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4"
]
}
],
"title": "CVE-2026-20258"
}
]
}
WID-SEC-W-2026-1877
Vulnerability from csaf_certbund - Published: 2026-06-10 22:00 - Updated: 2026-06-14 22:00Summary
Splunk Enterprise: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Splunk Enterprise ermöglicht Monitoring und Analyse von Clickstream-Daten und Kundentransaktionen.
Angriff: Ein Angreifer kann mehrere Schwachstellen in Splunk Enterprise ausnutzen, um beliebigen Code auszuführen, Cross-Site-Scripting-Angriffe durchzuführen, Daten zu manipulieren, Sicherheitsmaßnahmen zu umgehen oder vertrauliche Informationen offenzulegen.
Betroffene Betriebssysteme: - Sonstiges
- UNIX
- Windows
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.3.13
Splunk / Splunk Enterprise
|
<9.3.13 | ||
|
Splunk Splunk Enterprise <9.4.12
Splunk / Splunk Enterprise
|
<9.4.12 | ||
|
Splunk Splunk Enterprise <10.0.7
Splunk / Splunk Enterprise
|
<10.0.7 | ||
|
Splunk Splunk Enterprise <10.2.4
Splunk / Splunk Enterprise
|
<10.2.4 | ||
|
Splunk Splunk Enterprise <10.4.0
Splunk / Splunk Enterprise
|
<10.4.0 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.3.13
Splunk / Splunk Enterprise
|
<9.3.13 | ||
|
Splunk Splunk Enterprise <9.4.12
Splunk / Splunk Enterprise
|
<9.4.12 | ||
|
Splunk Splunk Enterprise <10.0.7
Splunk / Splunk Enterprise
|
<10.0.7 | ||
|
Splunk Splunk Enterprise <10.2.4
Splunk / Splunk Enterprise
|
<10.2.4 | ||
|
Splunk Splunk Enterprise <10.4.0
Splunk / Splunk Enterprise
|
<10.4.0 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.3.13
Splunk / Splunk Enterprise
|
<9.3.13 | ||
|
Splunk Splunk Enterprise <9.4.12
Splunk / Splunk Enterprise
|
<9.4.12 | ||
|
Splunk Splunk Enterprise <10.0.7
Splunk / Splunk Enterprise
|
<10.0.7 | ||
|
Splunk Splunk Enterprise <10.2.4
Splunk / Splunk Enterprise
|
<10.2.4 | ||
|
Splunk Splunk Enterprise <10.4.0
Splunk / Splunk Enterprise
|
<10.4.0 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.3.13
Splunk / Splunk Enterprise
|
<9.3.13 | ||
|
Splunk Splunk Enterprise <9.4.12
Splunk / Splunk Enterprise
|
<9.4.12 | ||
|
Splunk Splunk Enterprise <10.0.7
Splunk / Splunk Enterprise
|
<10.0.7 | ||
|
Splunk Splunk Enterprise <10.2.4
Splunk / Splunk Enterprise
|
<10.2.4 | ||
|
Splunk Splunk Enterprise <10.4.0
Splunk / Splunk Enterprise
|
<10.4.0 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.3.13
Splunk / Splunk Enterprise
|
<9.3.13 | ||
|
Splunk Splunk Enterprise <9.4.12
Splunk / Splunk Enterprise
|
<9.4.12 | ||
|
Splunk Splunk Enterprise <10.0.7
Splunk / Splunk Enterprise
|
<10.0.7 | ||
|
Splunk Splunk Enterprise <10.2.4
Splunk / Splunk Enterprise
|
<10.2.4 | ||
|
Splunk Splunk Enterprise <10.4.0
Splunk / Splunk Enterprise
|
<10.4.0 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.3.13
Splunk / Splunk Enterprise
|
<9.3.13 | ||
|
Splunk Splunk Enterprise <9.4.12
Splunk / Splunk Enterprise
|
<9.4.12 | ||
|
Splunk Splunk Enterprise <10.0.7
Splunk / Splunk Enterprise
|
<10.0.7 | ||
|
Splunk Splunk Enterprise <10.2.4
Splunk / Splunk Enterprise
|
<10.2.4 | ||
|
Splunk Splunk Enterprise <10.4.0
Splunk / Splunk Enterprise
|
<10.4.0 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.3.13
Splunk / Splunk Enterprise
|
<9.3.13 | ||
|
Splunk Splunk Enterprise <9.4.12
Splunk / Splunk Enterprise
|
<9.4.12 | ||
|
Splunk Splunk Enterprise <10.0.7
Splunk / Splunk Enterprise
|
<10.0.7 | ||
|
Splunk Splunk Enterprise <10.2.4
Splunk / Splunk Enterprise
|
<10.2.4 | ||
|
Splunk Splunk Enterprise <10.4.0
Splunk / Splunk Enterprise
|
<10.4.0 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.3.13
Splunk / Splunk Enterprise
|
<9.3.13 | ||
|
Splunk Splunk Enterprise <9.4.12
Splunk / Splunk Enterprise
|
<9.4.12 | ||
|
Splunk Splunk Enterprise <10.0.7
Splunk / Splunk Enterprise
|
<10.0.7 | ||
|
Splunk Splunk Enterprise <10.2.4
Splunk / Splunk Enterprise
|
<10.2.4 | ||
|
Splunk Splunk Enterprise <10.4.0
Splunk / Splunk Enterprise
|
<10.4.0 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.3.13
Splunk / Splunk Enterprise
|
<9.3.13 | ||
|
Splunk Splunk Enterprise <9.4.12
Splunk / Splunk Enterprise
|
<9.4.12 | ||
|
Splunk Splunk Enterprise <10.0.7
Splunk / Splunk Enterprise
|
<10.0.7 | ||
|
Splunk Splunk Enterprise <10.2.4
Splunk / Splunk Enterprise
|
<10.2.4 |
References
12 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Splunk Enterprise erm\u00f6glicht Monitoring und Analyse von Clickstream-Daten und Kundentransaktionen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Splunk Enterprise ausnutzen, um beliebigen Code auszuf\u00fchren, Cross-Site-Scripting-Angriffe durchzuf\u00fchren, Daten zu manipulieren, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-1877 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1877.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-1877 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1877"
},
{
"category": "external",
"summary": "Splunk Security Advisory vom 2026-06-10",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0601"
},
{
"category": "external",
"summary": "Splunk Security Advisory vom 2026-06-10",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0602"
},
{
"category": "external",
"summary": "Splunk Security Advisory vom 2026-06-10",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0603"
},
{
"category": "external",
"summary": "Splunk Security Advisory vom 2026-06-10",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0604"
},
{
"category": "external",
"summary": "Splunk Security Advisory vom 2026-06-10",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0605"
},
{
"category": "external",
"summary": "Splunk Security Advisory vom 2026-06-10",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0606"
},
{
"category": "external",
"summary": "Splunk Security Advisory vom 2026-06-10",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0607"
},
{
"category": "external",
"summary": "Splunk Security Advisory vom 2026-06-10",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0608"
},
{
"category": "external",
"summary": "Splunk Security Advisory vom 2026-06-10",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0609"
},
{
"category": "external",
"summary": "WatchTower Labs Report on CVE-2026-20253 vom 2026-06-14",
"url": "https://labs.watchtowr.com/why-use-app-level-auth-when-every-database-has-auth-splunk-enterprise-cve-2026-20253-pre-auth-rce/"
}
],
"source_lang": "en-US",
"title": "Splunk Enterprise: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-06-14T22:00:00.000+00:00",
"generator": {
"date": "2026-06-15T09:40:08.351+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.6.0"
}
},
"id": "WID-SEC-W-2026-1877",
"initial_release_date": "2026-06-10T22:00:00.000+00:00",
"revision_history": [
{
"date": "2026-06-10T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-06-14T22:00:00.000+00:00",
"number": "2",
"summary": "PoC f\u00fcr CVE-2026-20253 aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.4.0",
"product": {
"name": "Splunk Splunk Enterprise \u003c10.4.0",
"product_id": "T055213"
}
},
{
"category": "product_version",
"name": "10.4.0",
"product": {
"name": "Splunk Splunk Enterprise 10.4.0",
"product_id": "T055213-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:10.4.0"
}
}
},
{
"category": "product_version_range",
"name": "\u003c10.2.4",
"product": {
"name": "Splunk Splunk Enterprise \u003c10.2.4",
"product_id": "T055214"
}
},
{
"category": "product_version",
"name": "10.2.4",
"product": {
"name": "Splunk Splunk Enterprise 10.2.4",
"product_id": "T055214-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:10.2.4"
}
}
},
{
"category": "product_version_range",
"name": "\u003c10.0.7",
"product": {
"name": "Splunk Splunk Enterprise \u003c10.0.7",
"product_id": "T055215"
}
},
{
"category": "product_version",
"name": "10.0.7",
"product": {
"name": "Splunk Splunk Enterprise 10.0.7",
"product_id": "T055215-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:10.0.7"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.4.12",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.4.12",
"product_id": "T055216"
}
},
{
"category": "product_version",
"name": "9.4.12",
"product": {
"name": "Splunk Splunk Enterprise 9.4.12",
"product_id": "T055216-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:9.4.12"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.3.13",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.3.13",
"product_id": "T055217"
}
},
{
"category": "product_version",
"name": "9.3.13",
"product": {
"name": "Splunk Splunk Enterprise 9.3.13",
"product_id": "T055217-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:9.3.13"
}
}
}
],
"category": "product_name",
"name": "Splunk Enterprise"
}
],
"category": "vendor",
"name": "Splunk"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-20251",
"product_status": {
"known_affected": [
"T055217",
"T055216",
"T055215",
"T055214",
"T055213"
]
},
"release_date": "2026-06-10T22:00:00.000+00:00",
"title": "CVE-2026-20251"
},
{
"cve": "CVE-2026-20252",
"product_status": {
"known_affected": [
"T055217",
"T055216",
"T055215",
"T055214",
"T055213"
]
},
"release_date": "2026-06-10T22:00:00.000+00:00",
"title": "CVE-2026-20252"
},
{
"cve": "CVE-2026-20254",
"product_status": {
"known_affected": [
"T055217",
"T055216",
"T055215",
"T055214",
"T055213"
]
},
"release_date": "2026-06-10T22:00:00.000+00:00",
"title": "CVE-2026-20254"
},
{
"cve": "CVE-2026-20255",
"product_status": {
"known_affected": [
"T055217",
"T055216",
"T055215",
"T055214",
"T055213"
]
},
"release_date": "2026-06-10T22:00:00.000+00:00",
"title": "CVE-2026-20255"
},
{
"cve": "CVE-2026-20256",
"product_status": {
"known_affected": [
"T055217",
"T055216",
"T055215",
"T055214",
"T055213"
]
},
"release_date": "2026-06-10T22:00:00.000+00:00",
"title": "CVE-2026-20256"
},
{
"cve": "CVE-2026-20257",
"product_status": {
"known_affected": [
"T055217",
"T055216",
"T055215",
"T055214",
"T055213"
]
},
"release_date": "2026-06-10T22:00:00.000+00:00",
"title": "CVE-2026-20257"
},
{
"cve": "CVE-2026-20258",
"product_status": {
"known_affected": [
"T055217",
"T055216",
"T055215",
"T055214",
"T055213"
]
},
"release_date": "2026-06-10T22:00:00.000+00:00",
"title": "CVE-2026-20258"
},
{
"cve": "CVE-2026-20259",
"product_status": {
"known_affected": [
"T055217",
"T055216",
"T055215",
"T055214",
"T055213"
]
},
"release_date": "2026-06-10T22:00:00.000+00:00",
"title": "CVE-2026-20259"
},
{
"cve": "CVE-2026-20253",
"product_status": {
"known_affected": [
"T055217",
"T055216",
"T055215",
"T055214"
]
},
"release_date": "2026-06-10T22:00:00.000+00:00",
"title": "CVE-2026-20253"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…