CVE-2026-20240

🗓️ 20 May 2026 16:32:05Reported by ciscoType

cve🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 12 Views

Low-privilege user can cause a denial of service via coldToFrozen.sh in Splunk Enterprise due to unsafe path handling.

Reporter	Title	Published	Views	Family All 10
ATTACKERKB	CVE-2026-20240	20 May 202616:32	–	attackerkb
Circl	CVE-2026-20240	20 May 202619:26	–	circl
CNNVD	Splunk Cloud Platform和Splunk Enterprise 输入验证错误漏洞	20 May 202600:00	–	cnnvd
Cvelist	CVE-2026-20240 Denial of Service through coldToFrozen.sh Script in Splunk Enterprise	20 May 202616:32	–	cvelist
EUVD	EUVD-2026-31138	20 May 202616:32	–	euvd
NVD	CVE-2026-20240	20 May 202618:16	–	nvd
Positive Technologies	PT-2026-42213	20 May 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-20240	5 Jun 202619:29	–	redhatcve
Tenable Nessus	Splunk Enterprise 9.3.0 < 9.3.12, 9.4.0 < 9.4.11, 10.0.0 < 10.0.5, 10.2.0 < 10.2.2 (SVD-2026-0504)	20 May 202600:00	–	nessus
Vulnrichment	CVE-2026-20240 Denial of Service through coldToFrozen.sh Script in Splunk Enterprise	20 May 202616:32	–	vulnrichment

NVD

Node

splunk splunkRange9.3.0–9.3.12enterprise

splunk splunkRange9.4.0–9.4.11enterprise

splunk splunkRange10.0.0–10.0.5enterprise

splunk splunkRange10.2.0–10.2.2enterprise

Node

splunk splunk_cloud_platformRange9.3.2411–9.3.2411.129

splunk splunk_cloud_platformRange10.0.2503–10.0.2503.13

splunk splunk_cloud_platformRange10.1.2507–10.1.2507.21

splunk splunk_cloud_platformRange10.2.2510–10.2.2510.11

splunk splunk_cloud_platformRange10.3.2512–10.3.2512.9

splunk splunk_cloud_platformMatch10.4.2603

[
  {
    "product": "Splunk Enterprise",
    "vendor": "Splunk",
    "versions": [
      {
        "version": "10.2",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "10.2.2"
      },
      {
        "version": "10.0",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "10.0.5"
      },
      {
        "version": "9.4",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "9.4.11"
      },
      {
        "version": "9.3",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "9.3.12"
      }
    ]
  },
  {
    "product": "Splunk Cloud Platform",
    "vendor": "Splunk",
    "versions": [
      {
        "version": "10.4.2603",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "10.4.2603.1"
      },
      {
        "version": "10.3.2512",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "10.3.2512.9"
      },
      {
        "version": "10.2.2510",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "10.2.2510.11"
      },
      {
        "version": "10.1.2507",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "10.1.2507.21"
      },
      {
        "version": "10.0.2503",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "10.0.2503.13"
      },
      {
        "version": "9.3.2411",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "9.3.2411.129"
      }
    ]
  }
]

Source	Link
advisory	www.advisory.splunk.com/advisories/SVD-2026-0504

21 May 2026 19:40Current

5.9Medium risk

Vulners AI Score5.9

CVSS 3.16.5

EPSS0.00053

SSVC

CWE-20