16 matches found
CVE-2026-20240
In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.11, and 9.3.12, and Splunk Cloud Platform versions below 10.4.2603.1, 10.3.2512.9, 10.2.2510.11, 10.1.2507.21, 10.0.2503.13, and 9.3.2411.129, a low-privileged user that does not hold the ‘admin’ or ‘power’ Splunk roles could cause a Denial ...
CVE-2026-20240 Denial of Service through coldToFrozen.sh Script in Splunk Enterprise
In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.11, and 9.3.12, and Splunk Cloud Platform versions below 10.4.2603.1, 10.3.2512.9, 10.2.2510.11, 10.1.2507.21, 10.0.2503.13, and 9.3.2411.129, a low-privileged user that does not hold the ‘admin’ or ‘power’ Splunk roles could cause a Denial ...
CVE-2026-20240
In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.11, and 9.3.12, and Splunk Cloud Platform versions below 10.4.2603.1, 10.3.2512.9, 10.2.2510.11, 10.1.2507.21, 10.0.2503.13, and 9.3.2411.129, a low-privileged user that does not hold the ‘admin’ or ‘power’ Splunk roles could cause a Denial ...
CVE-2026-20240 Denial of Service through coldToFrozen.sh Script in Splunk Enterprise
In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.11, and 9.3.12, and Splunk Cloud Platform versions below 10.4.2603.1, 10.3.2512.9, 10.2.2510.11, 10.1.2507.21, 10.0.2503.13, and 9.3.2411.129, a low-privileged user that does not hold the ‘admin’ or ‘power’ Splunk roles could cause a Denial ...
EUVD-2026-31138
In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.11, and 9.3.12, and Splunk Cloud Platform versions below 10.4.2603.1, 10.3.2512.9, 10.2.2510.11, 10.1.2507.21, 10.0.2503.13, and 9.3.2411.129, a low-privileged user that does not hold the ‘admin’ or ‘power’ Splunk roles could cause a Denial ...
PT-2026-42213
Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 10.2.2 Splunk Enterprise versions prior to 10.0.5 Splunk Enterprise versions prior to 9.4.11 Splunk Enterprise versions prior to 9.3.12 Splunk Cloud Platform versions prior to 10.4.2603.1 Splunk Cloud Platfo...
📄 Splunk Enterprise 9.1.5 / 9.2.2 Remote Code Execution
This PHP script is a proof of concept exploit for CVE-2024-36985, an authenticated Remote Code Execution vulnerability affecting Splunk instances where the splunkarchiver app is installed and enabled. It is a conversion of a Metasploit module into PHP...
📄 Splunk Enterprise 9.1.5 / 9.2.2 Remote Code Execution
Proof of concept exploit for a critical authenticated remote code execution vulnerability that affects multiple versions of Splunk Enterprise when the splunkarchiver application is enabled...
📄 Splunk Enterprise 9.1.5 / 9.2.2 Vulnerability Scanner
This PHP script is a defensive vulnerability checker for CVE-2024-36985 affecting Splunk Enterprise. It authenticates to a Splunk instance using provided credentials, retrieves the installed Splunk version, and determines whether it falls within the vulnerable ranges. The script then enumerates...
Authenticated RCE in Splunk (splunk_archiver app)
This Metasploit module exploits a Remote Code Execution RCE vulnerability in Splunk Enterprise splunkarchiver application. The flaw is rooted in the unsafe use of a Splunk lookup function, specifically | copybuckets, within the splunkarchiver application, which ultimately leads to the execution o...
📄 Splunk Enterprise 9.1.5 / 9.2.2 Remote Code Execution
This Metasploit module exploits a remote code execution vulnerability in Splunk Enterprise splunkarchiver application. The flaw is rooted in the unsafe use of a Splunk lookup function. The affected versions include any release prior to 9.0.10, as well as versions 9.1.2 through 9.1.5 and 9.2.0...
CVE-2025-20323 Missing Access Control of Saved Searches in the Splunk Archiver app
In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, a low-privileged user that does not hold the "admin" or "power" Splunk roles could turn off the scheduled search Bucket Copy Trigger within the Splunk Archiver application. This is because of missing access controls in the saved...
CVE-2025-20323 Missing Access Control of Saved Searches in the Splunk Archiver app
In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, a low-privileged user that does not hold the "admin" or "power" Splunk roles could turn off the scheduled search Bucket Copy Trigger within the Splunk Archiver application. This is because of missing access controls in the saved...
CVE-2024-36985
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10, a low-privileged user that does not hold the admin or power Splunk roles could cause a Remote Code Execution through an external lookup that references the “splunkarchiver“ application...
CVE-2024-36985
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10, a low-privileged user that does not hold the admin or power Splunk roles could cause a Remote Code Execution through an external lookup that references the “splunkarchiver“ application...
CVE-2024-36985 Remote Code Execution (RCE) through an external lookup due to “copybuckets.py“ script in the “splunk_archiver“ application in Splunk Enterprise
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10, a low-privileged user that does not hold the admin or power Splunk roles could cause a Remote Code Execution through an external lookup that references the “splunkarchiver“ application...