Home

Description

In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.6, 10.2.2510.10, 10.1.2507.20, 10.0.2503.13, and 9.3.2411.127, a user who holds a role that contains the high-privilege capability `edit_user`could create a specially crafted username that includes a null byte or a non-UTF-8 percent-encoded byte due to improper input validation.<br><br>This could lead to inconsistent conversion of usernames into a proper format for storage and account management inconsistencies, such as being unable to edit or delete affected users.

PUBLISHED Reserved 2025-10-08 | Published 2026-04-15 | Updated 2026-04-16 | Assigner cisco




MEDIUM: 6.6CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Problem types

The software does not properly handle when an input contains Unicode encoding.

Product status

10.2 (custom) before 10.2.2
affected

10.0 (custom) before 10.0.5
affected

9.4 (custom) before 9.4.10
affected

9.3 (custom) before 9.3.11
affected

10.4.2603 (custom) before Not Affected
affected

10.3.2512 (custom) before 10.3.2512.6
affected

10.2.2510 (custom) before 10.2.2510.10
affected

10.1.2507 (custom) before 10.1.2507.20
affected

10.0.2503 (custom) before 10.0.2503.13
affected

9.3.2411 (custom) before 9.3.2411.127
affected

Credits

Ryan Luke<br><br>Mahfujur Rahman (mahfujwhh)

References

advisory.splunk.com/advisories/SVD-2026-0401

cve.org (CVE-2026-20202)

nvd.nist.gov (CVE-2026-20202)

Download JSON