FKIE_CVE-2026-20139

Vulnerability from fkie_nvd - Published: 2026-02-18 18:24 - Updated: 2026-02-20 13:47
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Summary
In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.8, 9.3.9, and 9.2.12, and Splunk Cloud Platform versions below 10.2.2510.3, 10.1.2507.8, 10.0.2503.9, and 9.3.2411.121, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload into the `realname`, `tz`, or `email` parameters of the `/splunkd/__raw/services/authentication/users/username` REST API endpoint when they change a password. This could potentially lead to a client‑side denial‑of‑service (DoS). The malicious payload might significantly slow page load times or render Splunk Web temporarily unresponsive.
References
psirt@cisco.comhttps://advisory.splunk.com/advisories/SVD-2026-0204Vendor Advisory
Impacted products
Vendor Product Version
splunk splunk *
splunk splunk *
splunk splunk *
splunk splunk *
splunk splunk_cloud_platform *
splunk splunk_cloud_platform *
splunk splunk_cloud_platform *
splunk splunk_cloud_platform *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "6A753402-54BC-4809-800C-A1B1CC1BF176",
              "versionEndExcluding": "9.2.12",
              "versionStartIncluding": "9.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "0D9ACC64-CE37-4DBF-9315-E2DA76A3EAD2",
              "versionEndExcluding": "9.3.9",
              "versionStartIncluding": "9.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "657A9AFC-2335-4C32-8B81-901D1C742592",
              "versionEndExcluding": "9.4.8",
              "versionStartIncluding": "9.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "4413D4BE-F225-4C28-B401-EB46D8F34160",
              "versionEndExcluding": "10.0.2",
              "versionStartIncluding": "10.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3D8C2DB-F956-49E2-8140-8D8962071007",
              "versionEndExcluding": "9.3.2411.121",
              "versionStartIncluding": "9.3.2411",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "62714243-8A5F-4908-BD39-7B1026B8E7D7",
              "versionEndExcluding": "10.0.2503.9",
              "versionStartIncluding": "10.0.2503",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "43C712E7-B77B-49CC-8143-C5594F0089DD",
              "versionEndExcluding": "10.1.2507.8",
              "versionStartIncluding": "10.1.2507",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFACEF04-1811-4345-A640-EF3FC84E490B",
              "versionEndExcluding": "10.2.2510.3",
              "versionStartIncluding": "10.2.2510",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.8, 9.3.9, and 9.2.12, and Splunk Cloud Platform versions below 10.2.2510.3, 10.1.2507.8, 10.0.2503.9, and 9.3.2411.121, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could craft a malicious payload into the `realname`, `tz`, or `email` parameters of the `/splunkd/__raw/services/authentication/users/username` REST API endpoint when they change a password. This could potentially lead to a client\u2011side denial\u2011of\u2011service (DoS). The malicious payload might significantly slow page load times or render Splunk Web temporarily unresponsive."
    },
    {
      "lang": "es",
      "value": "En las versiones de Splunk Enterprise anteriores a 10.2.0, 10.0.2, 9.4.8, 9.3.9 y 9.2.12, y en las versiones de Splunk Cloud Platform anteriores a 10.2.2510.3, 10.1.2507.8, 10.0.2503.9 y 9.3.2411.121, un usuario con pocos privilegios que no posea los roles de Splunk \u0027admin\u0027 o \u0027power\u0027 podr\u00eda crear una carga \u00fatil maliciosa en los par\u00e1metros `realname`, `tz` o `email` del endpoint de la API REST `/splunkd/__raw/services/authentication/users/username` cuando cambian una contrase\u00f1a. Esto podr\u00eda, potencialmente, provocar una denegaci\u00f3n de servicio (DoS) del lado del cliente. La carga \u00fatil maliciosa podr\u00eda ralentizar significativamente los tiempos de carga de la p\u00e1gina o hacer que Splunk Web no responda temporalmente."
    }
  ],
  "id": "CVE-2026-20139",
  "lastModified": "2026-02-20T13:47:44.000",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "psirt@cisco.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-02-18T18:24:26.497",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://advisory.splunk.com/advisories/SVD-2026-0204"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.