CVE-2026-20259 | THREATINT

Description

In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.0, 10.3.2512.12, 10.2.2510.15, 10.1.2507.23, 10.0.2503.14, and 9.3.2411.131, a user who holds a Splunk role that contains the high-privilege capability `edit_saved_search_owner` could reassign saved search ownership to users outside their authorized scope. The ownership reassignment endpoint lacks access control.

PUBLISHED Reserved 2025-10-08 | Published 2026-06-10 | Updated 2026-06-10 | Assigner cisco

MEDIUM: 5.5CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N

Problem types

The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Product status

10.2 (custom) before 10.2.4

affected

10.0 (custom) before 10.0.7

affected

10.3.2512 (custom) before 10.3.2512.12

affected

10.2.2510 (custom) before 10.2.2510.15

affected

10.1.2507 (custom) before 10.1.2507.23

affected

10.0.2503 (custom) before 10.0.2503.14

affected

9.3.2411 (custom) before 9.3.2411.131

affected

Credits

Andres Perez, Splunk

References

advisory.splunk.com/advisories/SVD-2026-0609

cve.org (CVE-2026-20259)

nvd.nist.gov (CVE-2026-20259)

Download JSON