Home
MEDIUM: 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
affected
10.0 (custom) before 10.0.5
affected
9.4 (custom) before 9.4.10
affected
9.3 (custom) before 9.3.11
affected
affected
10.3.2512 (custom) before 10.3.2512.6
affected
10.2.2510 (custom) before 10.2.2510.10
affected
10.1.2507 (custom) before 10.1.2507.19
affected
10.0.2503 (custom) before 10.0.2503.13
affected
9.3.2411 (custom) before 9.3.2411.127
affected
Description
In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.6, 10.2.2510.10, 10.1.2507.19, 10.0.2503.13, and 9.3.2411.127, a low-privileged user that does not hold the `admin` or `power` Splunk roles, has write permission on the app, and does not hold the high-privilege capability `accelerate_datamodel`, could turn on or off Data Model Acceleration due to improper access control.
Problem types
Product status
10.0 (custom) before 10.0.5
9.4 (custom) before 9.4.10
9.3 (custom) before 9.3.11
10.3.2512 (custom) before 10.3.2512.6
10.2.2510 (custom) before 10.2.2510.10
10.1.2507 (custom) before 10.1.2507.19
10.0.2503 (custom) before 10.0.2503.13
9.3.2411 (custom) before 9.3.2411.127
Credits
Mr Hack (try_to_hack) Santiago Lopez
References
advisory.splunk.com/advisories/SVD-2026-0402