EUVD-2026-36082

🗓️ 10 Jun 2026 17:16:00Reported by EUVDType

Low-privilege user can trigger remote code execution via unsafe jsonpickle deserialization of App KV Store.

Reporter	Title	Published	Views	Family All 6
Circl	CVE-2026-20251	10 Jun 202620:23	–	circl
CVE	CVE-2026-20251	10 Jun 202617:16	–	cve
Cvelist	CVE-2026-20251 Remote Code Execution through Deserialization of Untrusted Data in Splunk Secure Gateway	10 Jun 202617:16	–	cvelist
NVD	CVE-2026-20251	10 Jun 202618:16	–	nvd
Positive Technologies	PT-2026-48491	10 Jun 202600:00	–	ptsecurity
Vulnrichment	CVE-2026-20251 Remote Code Execution through Deserialization of Untrusted Data in Splunk Secure Gateway	10 Jun 202617:16	–	vulnrichment

[
  {
    "enisaIdVendor": [
      {
        "id": "14ecc6c5-f99a-3178-ba90-4d3febc34f3d",
        "vendor": {
          "name": "Splunk"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "00a32335-1acd-39d9-b874-10a27df21578",
        "product": {
          "name": "Splunk Enterprise",
          "vendor": {
            "name": "Splunk"
          }
        },
        "product_version": "9.3 <9.3.13"
      },
      {
        "id": "0d6d2afb-61f4-38ee-9122-e9e6b066622b",
        "product": {
          "name": "Splunk Cloud Platform",
          "vendor": {
            "name": "Splunk"
          }
        },
        "product_version": "10.2.2510 <10.2.2510.14"
      },
      {
        "id": "22036eda-69a3-3f06-9e48-a9eb762b71c4",
        "product": {
          "name": "Splunk Enterprise",
          "vendor": {
            "name": "Splunk"
          }
        },
        "product_version": "10.0 <10.0.7"
      },
      {
        "id": "7bf70839-8914-33a4-a773-ce1d756d17a1",
        "product": {
          "name": "Splunk Cloud Platform",
          "vendor": {
            "name": "Splunk"
          }
        },
        "product_version": "10.3.2512 <10.3.2512.12"
      },
      {
        "id": "8607497c-3e27-3731-b19b-aa24498848ba",
        "product": {
          "name": "Splunk Secure Gateway",
          "vendor": {
            "name": "Splunk"
          }
        },
        "product_version": "3.8 <3.8.67"
      },
      {
        "id": "8f49827c-47e4-37f3-afc7-29136fd63e2f",
        "product": {
          "name": "Splunk Cloud Platform",
          "vendor": {
            "name": "Splunk"
          }
        },
        "product_version": "10.1.2507 <10.1.2507.22"
      },
      {
        "id": "a34e9064-7946-356f-af54-474b1a4fbf9a",
        "product": {
          "name": "Splunk Secure Gateway",
          "vendor": {
            "name": "Splunk"
          }
        },
        "product_version": "3.10 <3.10.6"
      },
      {
        "id": "a9562c9c-c981-3082-9d7d-120983ae4bab",
        "product": {
          "name": "Splunk Secure Gateway",
          "vendor": {
            "name": "Splunk"
          }
        },
        "product_version": "3.9 <3.9.20"
      },
      {
        "id": "c95f741b-5450-3f81-8871-cd56b711ac6d",
        "product": {
          "name": "Splunk Cloud Platform",
          "vendor": {
            "name": "Splunk"
          }
        },
        "product_version": "9.3.2411 <9.3.2411.132"
      },
      {
        "id": "f9951840-6039-31b1-933c-8ac8f9712b6d",
        "product": {
          "name": "Splunk Enterprise",
          "vendor": {
            "name": "Splunk"
          }
        },
        "product_version": "9.4 <9.4.12"
      },
      {
        "id": "fb1f67f0-24fb-3f85-9ff3-94c42bddca76",
        "product": {
          "name": "Splunk Enterprise",
          "vendor": {
            "name": "Splunk"
          }
        },
        "product_version": "10.2 <10.2.4"
      }
    ]
  }
]

Source	Link
advisory	www.advisory.splunk.com/advisories/SVD-2026-0601

10 Jun 2026 18:26Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.18.8

SSVC