64 matches found
CVE-2026-20239
In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13, a user with a role that has access to the internal index could view session cookies and response bodies that contain sensitive data...
EUVD-2026-31139
In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13, a user with a role that has access to the internal index could view session cookies and response bodies that contain sensitive data...
CVE-2026-20239 Sensitive Information Disclosure through Log Files in Splunk Enterprise
In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13, a user with a role that has access to the internal index could view session cookies and response bodies that contain sensitive data...
CVE-2026-20239
CVE-2026-20239 affects Splunk products: Splunk Enterprise (versions below 10.2.2 and 10.0.5) and Splunk Cloud Platform (below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13). A user with access to the _internal index could view session cookies and response bodies containing sensitive d...
CVE-2026-20239
In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13, a user with a role that has access to the internal index could view session cookies and response bodies that contain sensitive data...
CVE-2026-20239 Sensitive Information Disclosure through Log Files in Splunk Enterprise
In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13, a user with a role that has access to the internal index could view session cookies and response bodies that contain sensitive data...
PT-2026-42212
In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13, a user with a role that has access to the internal index could view session cookies and response bodies that contain sensitive data...
Splunk Cloud Platform和Splunk Enterprise 日志信息泄露漏洞
Splunk Cloud Platform and Splunk Enterprise are both products of the American company Splunk. Splunk Cloud Platform is a powerful service for data collection, processing, and analysis. Splunk Enterprise is a suite of software for data collection and analysis. Versions of Splunk Enterprise prior t...
Splunk Enterprise 10.0.0 < 10.0.5, 10.2.0 < 10.2.2 (SVD-2026-0503)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2026-0503 advisory. - In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below 10.3.2512.8, 10.2.2510.11,...
EUVD-2026-25829
Document structural anomalies caused inconsistencies between page element relationships and internal index states. When scripts triggered document modifications, object reference validity was not properly maintained, leading to a crash when accessing an invalid pointer during page information...
PT-2026-35405
Document structural anomalies caused inconsistencies between page element relationships and internal index states. When scripts triggered document modifications, object reference validity was not properly maintained, leading to a crash when accessing an invalid pointer during page information...
EUVD-2026-22935
In Splunk MCP Server app versions below 1.0.3 , a user who holds a role with access to the Splunk internal index or possesses the high-privilege capability mcptooladmin could view users session and authorization tokens in clear text.The vulnerability would require either local access to the log...
CVE-2026-20205
In Splunk MCP Server app versions below 1.0.3 , a user who holds a role with access to the Splunk internal index or possesses the high-privilege capability mcptooladmin could view users session and authorization tokens in clear text.The vulnerability would require either local access to the log...
CVE-2026-20205
Summary: CVE-2026-20205 affects Splunk MCP Server app versions below 1.0.3. A user with access to the Splunk _internal index** or with the high-privilege capability mcp_tool_admin can view users’ sessions and authorization tokens in clear text. The vulnerability requires either local access to lo...
CVE-2026-20205
In Splunk MCP Server app versions below 1.0.3 , a user who holds a role with access to the Splunk internal index or possesses the high-privilege capability mcptooladmin could view users session and authorization tokens in clear text. The vulnerability would require either local access to the log...
CVE-2026-20205 Sensitive Information Disclosure in ''_internal'' index in Splunk MCP Server app
In Splunk MCP Server app versions below 1.0.3 , a user who holds a role with access to the Splunk internal index or possesses the high-privilege capability mcptooladmin could view users session and authorization tokens in clear text.The vulnerability would require either local access to the log...
CVE-2026-20205 Sensitive Information Disclosure in ''_internal'' index in Splunk MCP Server app
In Splunk MCP Server app versions below 1.0.3 , a user who holds a role with access to the Splunk internal index or possesses the high-privilege capability mcptooladmin could view users session and authorization tokens in clear text.The vulnerability would require either local access to the log...
PT-2026-33067
Name of the Vulnerable Software and Affected Versions Splunk MCP Server app versions prior to 1.0.3 Description A user with a role that has access to the Splunk internal index or the high-privilege capability mcp tool admin can view user session and authorization tokens in clear text. This issue...
CVE-2026-20144
In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.8, and 9.2.11, and Splunk Cloud Platform versions below 10.2.2510.0, 10.1.2507.11, 10.0.2503.9, and 9.3.2411.120, a user of a Splunk Search Head Cluster SHC deployment who holds a role with access to the the Splunk internal index coul...
CVE-2026-20142
In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.9, and 9.2.11, a user of a Splunk Search Head Cluster SHC deployment who holds a role with access to the Splunk internal index could view the RSA accessKey value from the Authentication.conf file, in plain text...