Description

In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.8, 9.3.9, and 9.2.12, and Splunk Cloud Platform versions below 10.2.2510.3, 10.1.2507.8, 10.0.2503.9, and 9.3.2411.121, a low-privileged user who does not hold the "admin" or "power" Splunk role could submit a malicious payload in the `realname`, `tz`, or `email` parameters of the `/splunkd/__raw/services/authentication/users/username` REST API endpoint while changing a password. This could lead to a client-side denial of service (DoS): the malicious payload might significantly slow page load times or render Splunk Web temporarily unresponsive.

Status: PUBLISHED | Reserved: 2025-10-08 | Published: 2026-02-18 | Updated: 2026-02-18 | Assigner: cisco

Severity: MEDIUM, base score 4.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)

Problem types

The software does not properly control the allocation and maintenance of a limited resource thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

Product status

Splunk Enterprise:

- 10.0 (custom) before 10.0.2: affected
- 9.4 (custom) before 9.4.8: affected
- 9.3 (custom) before 9.3.9: affected
- 9.2 (custom) before 9.2.12: affected

Splunk Cloud Platform:

- 10.2.2510 (custom) before 10.2.2510.3: affected
- 10.1.2507 (custom) before 10.1.2507.8: affected
- 10.0.2503 (custom) before 10.0.2503.9: affected
- 9.3.2411 (custom) before 9.3.2411.121: affected

Credits

STÖK / Fredrik Alexandersson

References

- advisory.splunk.com/advisories/SVD-2026-0204
- cve.org (CVE-2026-20139)
- nvd.nist.gov (CVE-2026-20139)