20747 matches found
CVE-2026-20166
CVE-2026-20166 affects Splunk Enterprise and Splunk Cloud Platform where a low-privilege user (not admin/power) could retrieve the Observability Cloud API access token via the Discover Splunk Observability Cloud app due to improper access control. Affected: Splunk Enterprise < 10.2.1 and < ...
CVE-2026-20166
In Splunk Enterprise versions below 10.2.1 and 10.0.4, and Splunk Cloud Platform versions below 10.2.2510.5, 10.1.2507.16, and 10.0.2503.12, a low-privileged user that does not hold the "admin" or "power" Splunk roles could retrieve the Observability Cloud API access token through the Discover...
CVE-2026-20164
In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.5, 10.1.2507.16, 10.0.2503.11, and 9.3.2411.123, a low-privileged user that does not hold the "admin" or "power" Splunk roles could access the...
CVE-2026-20164
CVE-2026-20164 affects Splunk Enterprise and Splunk Cloud Platform. A low-privileged user not in admin/power roles can access the REST endpoint /splunkd/__raw/servicesNS/-/-/configs/conf-passwords, exposing hashed or plaintext passwords from passwords.conf due to improper access control. Impact i...
CVE-2026-20164 Sensitive Information Disclosure through Improper Access Control in Splunk Enterprise
In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.5, 10.1.2507.16, 10.0.2503.11, and 9.3.2411.123, a low-privileged user that does not hold the "admin" or "power" Splunk roles could access the...
CVE-2026-20164 Sensitive Information Disclosure through Improper Access Control in Splunk Enterprise
In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.5, 10.1.2507.16, 10.0.2503.11, and 9.3.2411.123, a low-privileged user that does not hold the "admin" or "power" Splunk roles could access the...
CVE-2026-20165 Sensitive Information Disclosure in MongoClient logging channel in Splunk Enterprise
In Splunk Enterprise versions below 10.2.1, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.7, 10.1.2507.17, 10.0.2503.12, and 9.3.2411.124, a low-privileged user that does not hold the "admin" or "power" Splunk roles could retrieve sensitive information by inspectin...
CVE-2026-20165 Sensitive Information Disclosure in MongoClient logging channel in Splunk Enterprise
In Splunk Enterprise versions below 10.2.1, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.7, 10.1.2507.17, 10.0.2503.12, and 9.3.2411.124, a low-privileged user that does not hold the "admin" or "power" Splunk roles could retrieve sensitive information by inspectin...
CVE-2026-20165
In Splunk Enterprise versions below 10.2.1, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.7, 10.1.2507.17, 10.0.2503.12, and 9.3.2411.124, a low-privileged user that does not hold the "admin" or "power" Splunk roles could retrieve sensitive information by inspectin...
CVE-2026-20165
CVE-2026-20165 affects Splunk Enterprise and Splunk Cloud Platform where a low-privileged user (not admin/power role) could access sensitive information by inspecting the job search log due to improper access control in the MongoClient logging channel. Impact is limited to confidential and integr...
Splunk Cloud Platform和Splunk Enterprise 信息泄露漏洞
Splunk Cloud Platform and Splunk Enterprise are both products of the American company Splunk. Splunk Cloud Platform is a powerful service for data collection, processing, and analysis. Splunk Enterprise is a suite of software for data collection and analysis. Vulnerabilities exist in versions of...
PT-2026-24734
In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.9, and 9.3.9, and Splunk Cloud Platform versions below 10.2.2510.4, 10.1.2507.15, 10.0.2503.11, and 9.3.2411.123, a low-privileged user who does not hold the "admin" or "power" Splunk roles could craft a malicious payload when creating a Vie...
PT-2026-24737
In Splunk Enterprise versions below 10.2.1, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.7, 10.1.2507.17, 10.0.2503.12, and 9.3.2411.124, a low-privileged user that does not hold the "admin" or "power" Splunk roles could retrieve sensitive information by inspectin...
Splunk Enterprise 信息泄露漏洞
Splunk Enterprise is a data collection and analysis software developed by the American company Splunk. Versions of Splunk Enterprise prior to 10.2.0, 10.0.3 prior to version 10.0.3, 9.4.9 prior to version 9.3.10, as well as versions of Splunk Cloud Platform prior to 10.2.2510.5, 10.1.2507.16 prio...
Splunk Cloud Platform和Splunk Enterprise 命令注入漏洞
Splunk Cloud Platform and Splunk Enterprise are both products of the American company Splunk. Splunk Cloud Platform is a powerful service for data collection, processing, and analysis. Splunk Enterprise is a suite of software for data collection and analysis. Vulnerabilities exist in versions of...
PT-2026-24738
In Splunk Enterprise versions below 10.2.1 and 10.0.4, and Splunk Cloud Platform versions below 10.2.2510.5, 10.1.2507.16, and 10.0.2503.12, a low-privileged user that does not hold the "admin" or "power" Splunk roles could retrieve the Observability Cloud API access token through the Discover...
PT-2026-24735
Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 10.2.0, 10.0.4, 9.4.9, and 9.3.10 Splunk Cloud Platform versions prior to 10.2.2510.5, 10.0.2503.12, 10.1.2507.16, and 9.3.2411.124 Description A user with a role containing the edit cmd capability can execu...
Splunk Enterprise 9.3.0 < 9.3.10, 9.4.0 < 9.4.9, 10.0.0 < 10.0.4 (SVD-2026-0302)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2026-0302 advisory. - In Splunk Enterprise versions below 10.2.0, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.5,...
Splunk Enterprise 10.0.0 < 10.0.4, 10.2.0 < 10.2.1 (SVD-2026-0305)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2026-0305 advisory. - In Splunk Enterprise versions below 10.2.1 and 10.0.4, and Splunk Cloud Platform versions below 10.2.2510.5, 10.1.2507.16, an...
PT-2026-24736
In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.5, 10.1.2507.16, 10.0.2503.11, and 9.3.2411.123, a low-privileged user that does not hold the "admin" or "power" Splunk roles could access the /splunkd/...