PT-2026-24736

In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.5, 10.1.2507.16, 10.0.2503.11, and 9.3.2411.123, a low-privileged user that does not hold the "admin" or "power" Splunk roles could access the /splunkd/...

Splunk Enterprise 9.3.0 < 9.3.10, 9.4.0 < 9.4.9, 10.0.0 < 10.0.4, 10.2.0 < 10.2.1 (SVD-2026-0304)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2026-0304 advisory. - In Splunk Enterprise versions below 10.2.1, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.7,...

Splunk Enterprise 跨站脚本漏洞

Splunk Enterprise is a data collection and analysis software developed by the American company Splunk. Versions of Splunk Enterprise prior to 10.2.0, 10.0.3 prior to version 10.0.3, 9.4.9 prior to version 9.3.9, as well as versions of Splunk Cloud Platform prior to 10.2.2510.4, 10.1.2507.15 prior...

Splunk Cloud Platform和Splunk Enterprise 日志信息泄露漏洞

Splunk Cloud Platform and Splunk Enterprise are both products of the American company Splunk. Splunk Cloud Platform is a powerful service for data collection, processing, and analysis. Splunk Enterprise is a suite of software for data collection and analysis. Vulnerabilities regarding log...

Splunk Enterprise 9.3.0 < 9.3.9, 9.4.0 < 9.4.9, 10.0.0 < 10.0.3 (SVD-2026-0301)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2026-0301 advisory. - In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.9, and 9.3.9, and Splunk Cloud Platform versions below 10.2.2510.4,...

📄 Splunk Enterprise 9.1.5 / 9.2.2 Remote Code Execution

This PHP script is a proof of concept exploit for CVE-2024-36985, an authenticated Remote Code Execution vulnerability affecting Splunk instances where the splunkarchiver app is installed and enabled. It is a conversion of a Metasploit module into PHP...

📄 Splunk Enterprise 9.1.5 / 9.2.2 Remote Code Execution

Proof of concept exploit for a critical authenticated remote code execution vulnerability that affects multiple versions of Splunk Enterprise when the splunkarchiver application is enabled...

📄 Splunk Enterprise 9.1.5 / 9.2.2 Vulnerability Scanner

This PHP script is a defensive vulnerability checker for CVE-2024-36985 affecting Splunk Enterprise. It authenticates to a Splunk instance using provided credentials, retrieves the installed Splunk version, and determines whether it falls within the vulnerable ranges. The script then enumerates...

GHSA-8FJ7-8H3W-XWFM vulnerabilities

Vulnerabilities for packages: crossplane-provider-aws-lambda, descheduler, gitlab-runner, telegraf, nova, kubo, cloud-sql-proxy, cluster-api-azure-controller, pulumi-language-java, emissary, pluto, caddy, kube-rbac-proxy, flux-operator, zarf, trivy, apko, crossplane-provider-family-aws,...

CVE-2026-27141 vulnerabilities

Vulnerabilities for packages: crossplane-provider-aws-lambda, descheduler, gitlab-runner, telegraf, nova, kubo, cloud-sql-proxy, cluster-api-azure-controller, pulumi-language-java, emissary, pluto, caddy, kube-rbac-proxy, flux-operator, zarf, trivy, apko, crossplane-provider-family-aws,...

GHSA-8FJ7-8H3W-XWFM vulnerabilities

Vulnerabilities for packages: crossplane-provider-terraform, goose, neuvector-sigstore-interface-fips, terraform-provider-acme, cluster-api-azure-controller, helm-diff, gpu-operator, crossplane-provider-aws-ec2-fips, gitlab-runner-fips, crossplane-provider-aws-route53,...

CVE-2026-27141 vulnerabilities

Vulnerabilities for packages: crossplane-provider-terraform, goose, neuvector-sigstore-interface-fips, terraform-provider-acme, cluster-api-azure-controller, helm-diff, gpu-operator, crossplane-provider-aws-ec2-fips, gitlab-runner-fips, crossplane-provider-aws-route53,...

Splunk Enterprise 8.2.9 / 9.0.2 Vulnerability Scanner

This is a scanner that checks if a Splunk Enterprise system is susceptible to CVE‑2022‑43571, an authenticated remote code execution vulnerability. The vulnerability exists due to insufficient input sanitization in SimpleXML dashboard style parameters such as lineColor or fillColor. When a...

Vulnerabilities fixed in Splunk Enterprise and Splunk Cloud Platform

Splunk has fixed vulnerabilities in Splunk Enterprise and Splunk Cloud Platform. The vulnerabilities are in several versions of Splunk Enterprise and Splunk Cloud Platform. They allow low-privileged users to bypass protections, view sensitive information, and abuse the REST API for user...

📄 Splunk Enterprise 8.2.9 / 9.0.2 Authenticated Remote Code Execution

Proof of concept exploit for CVE-2022-43571, a critical authenticated remote code execution vulnerability affecting Splunk Enterprise versions 8.2.9 and 9.0.2. The flaw resides in the SimpleXML dashboard PDF generation process, where insufficient input sanitization allows a privileged authenticat...

CVE-2026-20142

In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.9, and 9.2.11, a user of a Splunk Search Head Cluster SHC deployment who holds a role with access to the Splunk internal index could view the RSA accessKey value from the Authentication.conf file, in plain text...

CVE-2026-20144

In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.8, and 9.2.11, and Splunk Cloud Platform versions below 10.2.2510.0, 10.1.2507.11, 10.0.2503.9, and 9.3.2411.120, a user of a Splunk Search Head Cluster SHC deployment who holds a role with access to the the Splunk internal index coul...

CVE-2026-20141

In Splunk Enterprise versions below 10.0.2, 10.0.3, 9.4.8, and 9.3.9, a low-privileged user who does not hold the "admin" Splunk role could access the Splunk Monitoring Console App endpoints due to an improper access control. This could lead to a sensitive information disclosure. The Monitoring...

CVE-2026-20138

In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.9, and 9.2.11, a user of a Splunk Search Head Cluster SHC deployment who holds a role with access to the Splunk internal index could view the integrationKey, secretKey, and appSecretKey secrets, generated by Duo Two-Factor...

CVE-2026-20137

In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.5, 9.3.7, and 9.2.9, and Splunk Cloud Platform versions below 10.1.2507.0, 10.0.2503.9, 9.3.2411.112, and 9.3.2408.122, a low-privileged user who does not hold the "admin" or "power" Splunk roles could bypass the SPL safeguards for risky...