CVE-2026-20202 Improper Input Validation during User Account Creation in Splunk Enterprise

🗓️ 15 Apr 2026 15:17:43Reported by ciscoType

CVE-2026-20202: Improper input validation lets high-privilege users create null or non UTF eight byte usernames, causing account management issues.

Reporter	Title	Published	Views	Family All 9
ATTACKERKB	CVE-2026-20202	15 Apr 202615:17	–	attackerkb
Circl	CVE-2026-20202	4 May 202623:08	–	circl
CNNVD	Splunk Cloud Platform和Splunk Enterprise 安全漏洞	15 Apr 202600:00	–	cnnvd
CVE	CVE-2026-20202	15 Apr 202615:17	–	cve
EUVD	EUVD-2026-22930	15 Apr 202618:31	–	euvd
NVD	CVE-2026-20202	15 Apr 202616:16	–	nvd
Positive Technologies	PT-2026-33064	15 Apr 202600:00	–	ptsecurity
Tenable Nessus	Splunk Enterprise 9.3.0 < 9.3.11, 9.4.0 < 9.4.10, 10.0.0 < 10.0.5, 10.2.0 < 10.2.2 (SVD-2026-0401)	15 Apr 202600:00	–	nessus
Vulnrichment	CVE-2026-20202 Improper Input Validation during User Account Creation in Splunk Enterprise	15 Apr 202615:17	–	vulnrichment

[
  {
    "product": "Splunk Enterprise",
    "vendor": "Splunk",
    "versions": [
      {
        "version": "10.2",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "10.2.2"
      },
      {
        "version": "10.0",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "10.0.5"
      },
      {
        "version": "9.4",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "9.4.10"
      },
      {
        "version": "9.3",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "9.3.11"
      }
    ]
  },
  {
    "product": "Splunk Cloud Platform",
    "vendor": "Splunk",
    "versions": [
      {
        "version": "10.4.2603",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "Not Affected"
      },
      {
        "version": "10.3.2512",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "10.3.2512.6"
      },
      {
        "version": "10.2.2510",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "10.2.2510.10"
      },
      {
        "version": "10.1.2507",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "10.1.2507.20"
      },
      {
        "version": "10.0.2503",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "10.0.2503.13"
      },
      {
        "version": "9.3.2411",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "9.3.2411.127"
      }
    ]
  }
]

Source	Link
advisory	www.advisory.splunk.com/advisories/SVD-2026-0401

15 Apr 2026 15:17Current

CVSS 3.16.6

EPSS0.00246