EUVD-2026-36083

In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious classic dashboard that...

CVE-2025-20369 Extensible Markup Language (XML) External Entity Injection (XXE) through Dashboard label field on Splunk Enterprise

In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a low privilege user that does not hold the "admin" or "power" Splunk roles could perform an extensible markup language XML external entity XXE...

The vulnerability of the Splunk Dashboard Studio web interface on the Splunk Web platform for operational analysis in the Splunk Enterprise environment allows a hacker to disclose protected information.

The vulnerability of the Splunk Dashboard Studio web interface of the Splunk Enterprise operating analysis platform is related to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to disclose sensitive information by bypassing the modal dialog box...

uberAgent - Splunk dashboard does not display information about applications and desktops from DaaS

Splunk dashboard CVAD/DaaS Applications & Desktops does not display any information about published applications and desktops for DAAS. uberAgent.log file located in C:\Windows\Temp on the machine used for Citrix Cloud monitoring shows the errors: 2025-03-05 12:11:08.145...

Splunk Enterprise and Splunk Light Dashboard Cross-Site Scripting Vulnerability

Splunk is a suite of data collection and analysis software. The software is primarily used to collect, index and analyze machine-generated data, including data generated by all IT systems and infrastructure. A cross-site scripting vulnerability exists in Dashboard for Splunk Enterprise and Splunk...