CVE-2026-20137 | THREATINT

Description

In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.5, 9.3.7, and 9.2.9, and Splunk Cloud Platform versions below 10.1.2507.0, 10.0.2503.9, 9.3.2411.112, and 9.3.2408.122, a low-privileged user who does not hold the "admin" or "power" Splunk roles could bypass the SPL safeguards for risky commands when they create a Data Model that contains an injected SPL query within an object. They can bypass the safeguards by exploiting a path traversal vulnerability.

PUBLISHED Reserved 2025-10-08 | Published 2026-02-18 | Updated 2026-02-18 | Assigner cisco

LOW: 3.5CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

Problem types

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Product status

10.2 (custom) before 10.2.0

affected

10.0 (custom) before 10.0.3

affected

9.4 (custom) before 9.4.5

affected

9.3 (custom) before 9.3.7

affected

9.2 (custom) before 9.2.9

affected

10.1.2507 (custom) before 10.1.2507.0

affected

10.0 (custom) before 10.0.2503.9

affected

9.3.2411 (custom) before 9.3.2411.112

affected

9.3.2408 (custom) before 9.3.2408.122

affected

Credits

Anton (therceman)

References

advisory.splunk.com/advisories/SVD-2026-0202

cve.org (CVE-2026-20137)

nvd.nist.gov (CVE-2026-20137)

Download JSON