Splunk Enterprise 9.3.0 < 9.3.10, 9.4.0 < 9.4.9, 10.0.0 < 10.0.3 (SVD-2026-0303)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2026-0303 advisory. - In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.5,...

Splunk Enterprise 9.3.0 < 9.3.9, 9.4.0 < 9.4.9, 10.0.0 < 10.0.3 (SVD-2026-0301)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2026-0301 advisory. - In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.9, and 9.3.9, and Splunk Cloud Platform versions below 10.2.2510.4,...

PT-2026-24734

In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.9, and 9.3.9, and Splunk Cloud Platform versions below 10.2.2510.4, 10.1.2507.15, 10.0.2503.11, and 9.3.2411.123, a low-privileged user who does not hold the "admin" or "power" Splunk roles could craft a malicious payload when creating a Vie...

📄 Splunk Enterprise 9.1.5 / 9.2.2 Remote Code Execution

This PHP script is a proof of concept exploit for CVE-2024-36985, an authenticated Remote Code Execution vulnerability affecting Splunk instances where the splunkarchiver app is installed and enabled. It is a conversion of a Metasploit module into PHP...

📄 Splunk Enterprise 9.1.5 / 9.2.2 Remote Code Execution

Proof of concept exploit for a critical authenticated remote code execution vulnerability that affects multiple versions of Splunk Enterprise when the splunkarchiver application is enabled...

📄 Splunk Enterprise 9.1.5 / 9.2.2 Vulnerability Scanner

This PHP script is a defensive vulnerability checker for CVE-2024-36985 affecting Splunk Enterprise. It authenticates to a Splunk instance using provided credentials, retrieves the installed Splunk version, and determines whether it falls within the vulnerable ranges. The script then enumerates...

GHSA-8FJ7-8H3W-XWFM vulnerabilities

Vulnerabilities for packages: crossplane-provider-aws-elasticache, harbor, crossplane-provider-aws-ec2, telegraf, terraform-provider-aws, dex, gitlab-pages, tigera-operator, external-dns, chezmoi, crossplane-provider-aws-dynamodb, kubo, crossplane-provider-aws-memorydb, zarf, apko,...

CVE-2026-27141 vulnerabilities

Vulnerabilities for packages: crossplane-provider-aws-elasticache, harbor, crossplane-provider-aws-ec2, telegraf, terraform-provider-aws, dex, gitlab-pages, tigera-operator, external-dns, chezmoi, crossplane-provider-aws-dynamodb, kubo, crossplane-provider-aws-memorydb, zarf, apko,...

GHSA-8FJ7-8H3W-XWFM vulnerabilities

Vulnerabilities for packages: tempo-fips, crossplane-provider-aws-wafv2, trivy, polaris-fips, datadog-agent, contour, caddy, livekit-cli, gitlab-runner, crossplane-provider-aws-cloudwatchlogs-fips, crossplane-provider-aws-route53-fips, opa, crossplane-provider-aws-elasticache, opa-fips-envoy,...

CVE-2026-27141 vulnerabilities

Vulnerabilities for packages: tempo-fips, crossplane-provider-aws-wafv2, trivy, polaris-fips, datadog-agent, contour, caddy, livekit-cli, gitlab-runner, crossplane-provider-aws-cloudwatchlogs-fips, crossplane-provider-aws-route53-fips, opa, crossplane-provider-aws-elasticache, opa-fips-envoy,...

Splunk Enterprise 8.2.9 / 9.0.2 Vulnerability Scanner

This is a scanner that checks if a Splunk Enterprise system is susceptible to CVE‑2022‑43571, an authenticated remote code execution vulnerability. The vulnerability exists due to insufficient input sanitization in SimpleXML dashboard style parameters such as lineColor or fillColor. When a...

Vulnerabilities fixed in Splunk Enterprise and Splunk Cloud Platform

Splunk has fixed vulnerabilities in Splunk Enterprise and Splunk Cloud Platform. The vulnerabilities are in several versions of Splunk Enterprise and Splunk Cloud Platform. They allow low-privileged users to bypass protections, view sensitive information, and abuse the REST API for user...

📄 Splunk Enterprise 8.2.9 / 9.0.2 Authenticated Remote Code Execution

Proof of concept exploit for CVE-2022-43571, a critical authenticated remote code execution vulnerability affecting Splunk Enterprise versions 8.2.9 and 9.0.2. The flaw resides in the SimpleXML dashboard PDF generation process, where insufficient input sanitization allows a privileged authenticat...

CVE-2026-20141

In Splunk Enterprise versions below 10.0.2, 10.0.3, 9.4.8, and 9.3.9, a low-privileged user who does not hold the "admin" Splunk role could access the Splunk Monitoring Console App endpoints due to an improper access control. This could lead to a sensitive information disclosure. The Monitoring...

CVE-2026-20138

In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.9, and 9.2.11, a user of a Splunk Search Head Cluster SHC deployment who holds a role with access to the Splunk internal index could view the integrationKey, secretKey, and appSecretKey secrets, generated by Duo Two-Factor...

CVE-2026-20142

In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.9, and 9.2.11, a user of a Splunk Search Head Cluster SHC deployment who holds a role with access to the Splunk internal index could view the RSA accessKey value from the Authentication.conf file, in plain text...

CVE-2026-20139

In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.8, 9.3.9, and 9.2.12, and Splunk Cloud Platform versions below 10.2.2510.3, 10.1.2507.8, 10.0.2503.9, and 9.3.2411.121, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload into the...

CVE-2026-20137

In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.5, 9.3.7, and 9.2.9, and Splunk Cloud Platform versions below 10.1.2507.0, 10.0.2503.9, 9.3.2411.112, and 9.3.2408.122, a low-privileged user who does not hold the "admin" or "power" Splunk roles could bypass the SPL safeguards for risky...

CVE-2026-20144

In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.8, and 9.2.11, and Splunk Cloud Platform versions below 10.2.2510.0, 10.1.2507.11, 10.0.2503.9, and 9.3.2411.120, a user of a Splunk Search Head Cluster SHC deployment who holds a role with access to the the Splunk internal index coul...

PT-2026-20923

Name of the Vulnerable Software and Affected Versions Splunk Enterprise for Windows versions prior to 10.2.0 Splunk Enterprise for Windows versions prior to 10.0.3 Splunk Enterprise for Windows versions prior to 9.4.8 Splunk Enterprise for Windows versions prior to 9.3.9 Splunk Enterprise for...