CVE-2026-20252 Server-Side Request Forgery (SSRF) through Dashboard Studio PDF Export in Splunk Enterprise

🗓️ 10 Jun 2026 17:16:19Reported by ciscoType

Low-privilege user can trigger server-side requests via Dashboard Studio PDF export in vulnerable Splunk.

Reporter	Title	Published	Views	Family All 5
CVE	CVE-2026-20252	10 Jun 202617:16	–	cve
EUVD	EUVD-2026-36086	10 Jun 202617:16	–	euvd
NVD	CVE-2026-20252	10 Jun 202618:16	–	nvd
Positive Technologies	PT-2026-48492	10 Jun 202600:00	–	ptsecurity
Vulnrichment	CVE-2026-20252 Server-Side Request Forgery (SSRF) through Dashboard Studio PDF Export in Splunk Enterprise	10 Jun 202617:16	–	vulnrichment

[
  {
    "product": "Splunk Enterprise",
    "vendor": "Splunk",
    "versions": [
      {
        "version": "10.2",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "10.2.4"
      },
      {
        "version": "10.0",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "10.0.7"
      },
      {
        "version": "9.4",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "9.4.12"
      },
      {
        "version": "9.3",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "9.3.13"
      }
    ]
  },
  {
    "product": "Splunk Cloud Platform",
    "vendor": "Splunk",
    "versions": [
      {
        "version": "10.4.2604",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "10.4.2604.3"
      },
      {
        "version": "10.3.2512",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "10.3.2512.12"
      },
      {
        "version": "10.2.2510",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "10.2.2510.14"
      },
      {
        "version": "10.1.2507",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "10.1.2507.22"
      },
      {
        "version": "9.3.2411",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "9.3.2411.132"
      }
    ]
  }
]

Source	Link
advisory	www.advisory.splunk.com/advisories/SVD-2026-0602

10 Jun 2026 17:16Current

CVSS 3.17.6