CVE-2026-20166 Sensitive Information Disclosure in Discover Splunk Observability Cloud app for Splunk Enterprise

In Splunk Enterprise versions below 10.2.1 and 10.0.4, and Splunk Cloud Platform versions below 10.2.2510.5, 10.1.2507.16, and 10.0.2503.12, a low-privileged user that does not hold the "admin" or "power" Splunk roles could retrieve the Observability Cloud API access token through the Discover...

CVE-2026-20166

CVE-2026-20166 affects Splunk Enterprise and Splunk Cloud Platform where a low-privilege user (not admin/power) could retrieve the Observability Cloud API access token via the Discover Splunk Observability Cloud app due to improper access control. Affected: Splunk Enterprise < 10.2.1 and < ...

EUVD-2023-36942

Malicious code in bioql PyPI...

EUVD-2025-8428

Malicious code in bioql PyPI...

EUVD-2023-36940

Malicious code in bioql PyPI...

EUVD-2025-2894

Malicious code in bioql PyPI...

CVE-2025-20233

In the Splunk App for Lookup File Editing versions below 4.0.5, a script in the app used the chmod and makedirs Python functions in a way that resulted in overly broad read and execute permissions. This could lead to improper access control for a low-privileged user...

CVE-2025-20233

In the Splunk App for Lookup File Editing versions below 4.0.5, a script in the app used the chmod and makedirs Python functions in a way that resulted in overly broad read and execute permissions. This could lead to improper access control for a low-privileged user...

CVE-2025-20233

In the Splunk App for Lookup File Editing versions below 4.0.5, a script in the app used the chmod and makedirs Python functions in a way that resulted in overly broad read and execute permissions. This could lead to improper access control for a low-privileged user...

CVE-2025-20233 Incorrect permissions set by the “chmod“ and “makedirs“ Python functions in Splunk App for Lookup File Editing

In the Splunk App for Lookup File Editing versions below 4.0.5, a script in the app used the chmod and makedirs Python functions in a way that resulted in overly broad read and execute permissions. This could lead to improper access control for a low-privileged user...

CVE-2025-20233

CVE-2025-20233 concerns the Splunk App for Lookup File Editing (pre-4.0.5). A script uses Python’s chmod and makedirs in a way that yields overly broad read and execute permissions, causing improper access control for a low-privileged user. The provided documents do not specify a remediation. Mon...

CVE-2025-20233 Incorrect permissions set by the “chmod“ and “makedirs“ Python functions in Splunk App for Lookup File Editing

In the Splunk App for Lookup File Editing versions below 4.0.5, a script in the app used the chmod and makedirs Python functions in a way that resulted in overly broad read and execute permissions. This could lead to improper access control for a low-privileged user...

CVE-2025-22621

In versions 1.0.67 and lower of the Splunk App for SOAR, the Splunk documentation for that app recommended adding the adminallobjects capability to the splunkappsoar role. This addition could lead to improper access control for a low-privileged user that does not hold the "admin" Splunk roles...

CVE-2025-22621

CVE-2025-22621 affects Splunk App for SOAR, versions 1.0.67 and lower. The root cause is a documentation-guided addition of the admin_all_objects capability to the splunk_app_soar role, potentially granting high-privilege access to a low-privileged user and compromising access control. The CVE is...

CVE-2025-22621 Privilege escalation for users who hold the “splunk_app_soar“ role in the Splunk App for SOAR

In versions 1.0.67 and lower of the Splunk App for SOAR, the Splunk documentation for that app recommended adding the adminallobjects capability to the splunkappsoar role. This addition could lead to improper access control for a low-privileged user that does not hold the "admin" Splunk roles...

CVE-2025-22621 Privilege escalation for users who hold the “splunk_app_soar“ role in the Splunk App for SOAR

In versions 1.0.67 and lower of the Splunk App for SOAR, the Splunk documentation for that app recommended adding the adminallobjects capability to the splunkappsoar role. This addition could lead to improper access control for a low-privileged user that does not hold the "admin" Splunk roles...

PT-2025-4607 · Splunk · Splunk App For Soar

Name of the Vulnerable Software and Affected Versions: Splunk App for SOAR versions 1.0.67 and lower Description: The issue is related to improper access control. In the affected versions of the Splunk App for SOAR, the documentation recommended adding the admin all objects capability to the splu...

CVE-2023-32714

In the Splunk App for Lookup File Editing versions below 4.0.1, a low-privileged user can, with a specially crafted web request, trigger a path traversal exploit that can then be used to read and write to restricted areas of the Splunk installation directory...

CVE-2023-32715

In the Splunk App for Lookup File Editing versions below 4.0.1, a user can insert potentially malicious JavaScript code into the app, which causes that code to run on the user’s machine. The app itself does not contain the potentially malicious JavaScript code. The vulnerability requires the...

CVE-2023-32713

In Splunk App for Stream versions below 8.1.1, a low-privileged user could use a vulnerability in the streamfwd process within the Splunk App for Stream to escalate their privileges on the machine that runs the Splunk Enterprise instance, up to and including the root user...