106 matches found
CVE-2022-43567
Splunk Enterprise: vulnerability CVE-2022-43567 affects the Mobile Alerts feature of the Splunk Secure Gateway app. An authenticated user could remotely execute arbitrary OS commands via specially crafted requests. Affected versions are Splunk Enterprise < 8.2.9, < 8.1.12, and
CVE-2024-36997
CVE-2024-36997 affects Splunk Enterprise (and Splunk Cloud Platform) where an admin can store and execute arbitrary JavaScript in another user’s browser via the conf-web/settings REST endpoint, enabling persistent XSS. Affected versions are Splunk Enterprise below 9.2.2, 9.1.5, and 9.0.10, and Sp...
CVE-2024-45736
CVE-2024-45736 affects Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, and Splunk Cloud Platform versions below 9.2.2403.107, 9.1.2312.204, and 9.1.2312.111. A low-privileged user without admin/power roles can craft a search query with an improperly formatted INGEST_EVAL parameter in a ...
CVE-2026-20251
CVE-2026-20251 affects Splunk Enterprise (versions below 10.2.4/10.0.7/9.4.12/9.3.13), Splunk Cloud Platform (below 10.3.2512.12/10.2.2510.14/10.1.2507.22/9.3.2411.132), and Splunk Secure Gateway (below 3.10.6/3.9.20/3.8.67). A low-privileged user (not admin/power) can achieve Remote Code Executi...
CVE-2022-43570
CVE-2022-43570 affects Splunk Enterprise prior to 8.1.12, 8.2.9, and 9.0.2. An authenticated user can perform an XML External Entity (XXE) injection via a custom View, causing Splunk Web to embed incorrect documents into an error page. Root cause: XXE vulnerability in the handling of XML in custo...
CVE-2022-32152
CVE-2022-32152 affects Splunk Enterprise and Splunk Cloud Platform where TLS host name validation for Splunk-to-Splunk communications was not enforced by default in versions before 9.0 (Splunk Enterprise) and before 8.2.2203 (Splunk Cloud). The issue allowed an administrator to add a peer with an...
CVE-2022-43565
CVE-2022-43565 (Splunk Enterprise) : Affects Splunk Enterprise versions prior to 8.2.9 and prior to 8.1.12. Root cause: the tstats command’s handling of JSON can bypass SPL safeguards for risky commands, enabling manipulation if a user is phished into initiating a request in their browser. Exploi...
CVE-2024-45735
Summary (CVE-2024-45735) : Splunk Enterprise versions before 9.2.3 and 9.1.6, and Splunk Secure Gateway on Splunk Cloud Platform versions before 3.4.259, 3.6.17, or 3.7.0 allow a low-privileged user (not admin/power) to view App Key Value Store (KV Store) deployment configuration and public/priva...
CVE-2022-32154
Splunk Enterprise before 9.0 is affected by CVE-2022-32154 in its dashboards: an attacker could inject risky search commands into a form token used in a cross-origin query, bypassing SPL safeguards for risky commands. The issue is browser-based; exploitation depends on the attacker delivering a f...
CVE-2024-45737
CVE-2024-45737 affects Splunk Enterprise versions prior to 9.3.1, 9.2.3, and 9.1.6, and Splunk Cloud Platform prior to 9.2.2403.108 (and 9.1.2312.204). A low-privileged user without admin/power roles can change the maintenance mode state of KVStore via CSRF. The CVE is documented across multiple ...
CVE-2025-20227
CVE-2025-20227 affects Splunk Enterprise and Splunk Cloud Platform: a low-privileged user without admin/power roles could bypass the external content warning modal in Dashboard Studio dashboards, enabling information disclosure. Affected versions include Splunk Enterprise < 9.4.1, < 9.3.3, ...
CVE-2022-43561
CVE-2022-43561 affects Splunk Enterprise: versions prior to 8.1.12, 8.2.9, and 9.0.2. A remote user with the “power” role can store arbitrary scripts via the Save Table feature, enabling persistent cross-site scripting (XSS) on Splunk Web-enabled instances. The underlying vulnerability allows inj...
CVE-2022-43563
Splunk Enterprise is affected in versions before 8.2.9 and 8.1.12 due to how the rex search command handles field names, which can bypass SPL safeguards for risky commands. The attack requires phishing the victim into initiating a request in their browser; it is not exploitable at will. The issue...
CVE-2025-20226
CVE-2025-20226 affects Splunk Enterprise and Splunk Cloud Platform. A low-privileged user (not admin/power) can bypass SPL safeguards on the /services/streams/search endpoint via the q parameter and execute a risky command using higher-privilege permissions after phishing the victim. Affected ver...
CVE-2026-20252
Splunk Enterprise and Splunk Cloud Platform are affected by CVE-2026-20252 due to an SSRF in Dashboard Studio PDF export. A low-privilege user (not admin/power role) can cause server-side requests to arbitrary internal destinations by abusing the PDF export feature. Root cause: trusted-domain val...
CVE-2022-43566
CVE-2022-43566 affects Splunk Enterprise: versions prior to 8.2.9, 8.1.12, and 9.0.2 allow an authenticated user to execute risky commands using a more privileged user’s permissions to bypass SPL safeguards in Analytics Workspace. The attack requires phishing the victim into initiating a request ...
CVE-2022-43564
CVE-2022-43564 affects Splunk Enterprise. A remote user who can create search macros and schedule search reports can trigger a denial of service by submitting specially crafted search macros in versions before 8.1.12, 8.2.9, or 9.0.2. The issue’s described impact is DoS; no other exploitation or ...
CVE-2022-37438
CVE-2022-37438 affects Splunk Enterprise. An authenticated user can craft a dashboard (requires access to create/share dashboards via Splunk Web) and may leak information about other Splunk users (e.g., username, email, real name) through the dashboard drilldown component. The issue is scoped to ...
CVE-2022-43569
CVE-2022-43569 affects Splunk Enterprise versions prior to 8.1.12, 8.2.9, and 9.0.2. An authenticated user can inject and store arbitrary scripts resulting in persistent cross-site scripting (XSS) in the object name of a Data Model. Remediation per sources: upgrade to 8.1.12 or later, 8.2.9 or la...
CVE-2025-20324
CVE-2025-20324 affects Splunk Enterprise and Splunk Cloud Platform. A low-privileged user without admin/power roles can create or overwrite system source type configurations by sending a crafted payload to the REST endpoint at /servicesNS/nobody/search/admin/sourcetypes/ on the Splunk management ...
CVE-2026-20258
This CVE concerns Stored XSS in Splunk Enterprise and Splunk Cloud Platform via a classic dashboard HTML panel. A low-privileged user (not admin/power roles) can store a malicious script that executes in another user’s browser, triggered by a phishing-like action to initiate a request. Affected v...
CVE-2025-20371
CVE-2025-20371 affects Splunk Enterprise and Splunk Cloud Platform: unauthenticated SSRF that can cause REST API calls on behalf of an authenticated high-privilege user. Affected: Splunk Enterprise < 10.0.1; also versions 9.2.8–9.4.4; Splunk Cloud Platform < 9.3.2411.109, < 9.3.2408.119,
CVE-2025-20320
CVE-2025-20320 affects Splunk Enterprise versions prior to 9.4.3, 9.3.5, 9.2.7, and 9.1.10, and Splunk Cloud Platform versions prior to 9.3.2411.107, 9.3.2408.117, and 9.2.2406.121. A low-privilege user who should not have admin or power roles can craft a malicious payload via the User Interface ...
CVE-2025-20325
Summary: CVE-2025-20325 affects Splunk Enterprise <9.4.3, <9.3.5, <9.2.7, <9.1.10 and Splunk Cloud Platform <9.3.2411.103, <9.3.2408.113,
CVE-2025-20321
The CVE-2025-20321 issue affects Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.114, and 9.2.2406.119. It is a Cross-Site Request Forgery (CSRF) vulnerability that can change the membership state of a Splunk Search...
CVE-2026-20255
The CVE-2026-20255 issue affects Splunk Enterprise (versions below 10.2.4, 10.0.7, 9.4.12, 9.3.13) and Splunk Cloud Platform (below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, 9.3.2411.132). A low-privilege user can craft a malicious classic dashboard to exfiltrate sensitive data to an external ser...
CVE-2025-20300
The CVE-2025-20300 issue affects Splunk Enterprise (versions below 9.4.2, 9.3.5, 9.2.6, 9.1.9) and Splunk Cloud Platform (below 9.3.2411.103, 9.3.2408.112, 9.2.2406.119). A low-privileged user who does not hold admin/power roles and has read-only access to a specific alert could suppress that ale...
CVE-2026-20239
CVE-2026-20239 affects Splunk products: Splunk Enterprise (versions below 10.2.2 and 10.0.5) and Splunk Cloud Platform (below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13). A user with access to the _internal index could view session cookies and response bodies containing sensitive d...
CVE-2025-20322
CVE-2025-20322 affects Splunk Enterprise and Splunk Cloud Platform. An unauthenticated attacker can trigger a rolling restart of the Search Head Cluster via a crafted SPL search command exploited through CSRF, potentially causing DoS. The attack requires phishing a administrator-level user to ini...
CVE-2025-20367
Affected software: Splunk Enterprise (versions below 9.4.4, 9.3.6, 9.2.8) and Splunk Cloud Platform (below 9.3.2411.109, 9.3.2408.119, 9.2.2406.122). Vulnerability: a low-privileged user can craft a malicious payload via the dataset.command parameter of the /app/search/table endpoint, resulting i...
CVE-2026-20164
CVE-2026-20164 affects Splunk Enterprise and Splunk Cloud Platform. A low-privileged user not in admin/power roles can access the REST endpoint /splunkd/__raw/servicesNS/-/-/configs/conf-passwords, exposing hashed or plaintext passwords from passwords.conf due to improper access control. Impact i...
CVE-2026-20202
The CVE-2026-20202 entry concerns Splunk Enterprise (versions < 10.2.2, < 10.0.5, < 9.4.10, < 9.3.11) and Splunk Cloud Platform (versions < 10.4.2603.0, < 10.3.2512.6, < 10.2.2510.10, < 10.1.2507.20, < 10.0.2503.13,
CVE-2026-20254
The affected products are Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132. A low-privileged user (not admin/power) can craft a malicious classic dashboard that exfiltrates sens...
CVE-2026-20240
CVE-2026-20240 affects Splunk Enterprise (versions below 10.2.2, 10.0.5, 9.4.11, 9.3.12) and Splunk Cloud Platform (below 10.4.2603.1, 10.3.2512.9, 10.2.2510.11, 10.1.2507.21, 10.0.2503.13, 9.3.2411.129). A low-privilege user (not admin/power) can trigger a Denial of Service by abusing the coldTo...
CVE-2026-20259
CVE-2026-20259 affects Splunk Enterprise (below 10.2.4 and below 10.0.7) and Splunk Cloud Platform (below 10.4.2604.0, 10.3.2512.12, 10.2.2510.15, 10.1.2507.23, 10.0.2503.14, 9.3.2411.131). A user with the high-privilege capability edit_saved_search_owner can reassign saved search ownership to us...
CVE-2025-20384
CVE-2025-20384 affects Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, 9.2.10 and Splunk Cloud Platform below 10.1.2507.4, 10.0.2503.6, 9.3.2411.117.125. An unauthenticated attacker can inject ANSI escape codes into Splunk log files via improper validation at the /en-US/static/ endpoint, p...
CVE-2026-20166
CVE-2026-20166 affects Splunk Enterprise and Splunk Cloud Platform where a low-privilege user (not admin/power) could retrieve the Observability Cloud API access token via the Discover Splunk Observability Cloud app due to improper access control. Affected: Splunk Enterprise < 10.2.1 and < ...
CVE-2026-20203
CVE-2026-20203 describes improper access control in Data Model Acceleration for Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.6, 10.2.2510.10, 10.1.2507.19, 10.0.2503.13, and 9.3.2411.127. A low-privilege user ...
CVE-2026-20257
CVE-2026-20257 affects Splunk Enterprise (versions below 10.2.4, 10.0.7, 9.4.12, 9.3.13) and Splunk Cloud Platform (below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, 9.3.2411.132). A low-privileged user without admin/power roles can craft a classic dashboard that exfiltrates sensitive data from the...
CVE-2025-20382
CVE-2025-20382 affects Splunk Enterprise and Splunk Cloud Platform. A low-privileged user (not admin/power role) can create a views dashboard with a custom background via the data:image/png;base64 protocol, potentially causing an unvalidated redirect. This bypasses the external URL warning mechan...
CVE-2026-20139
CVE-2026-20139 affects Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.8, 9.3.9, and 9.2.12, and Splunk Cloud Platform below 10.2.2510.3, 10.1.2507.8, 10.0.2503.9, and 9.3.2411.121. A low-privileged user (not admin/power) can craft a malicious payload into realname, tz, or email via the /spl...
CVE-2025-20368
CVE-2025-20368 affects Splunk Enterprise and Splunk Cloud Platform. A low-privileged user (not admin/power roles) can craft a malicious payload via error messages and saved-search/job-inspector details, potentially causing unauthorized JavaScript execution in a user’s browser (XSS). Affected vers...
CVE-2025-20379
CVE-2025-20379 affects Splunk Enterprise and Splunk Cloud Platform. A low-privileged user (not admin/power) can run a saved search with a risky command by leveraging the permissions of a higher-privileged user to bypass SPL safeguards, specifically via the /services/streams/search endpoint and th...
CVE-2025-20383
CVE-2025-20383 affects Splunk Enterprise (below 10.0.2 and older 9.x branches) and the Splunk Secure Gateway app (below 3.7.28/3.8.58/3.9.10) in Splunk Cloud Platform. A low-privilege user with mobile push notifications enabled can see the title and description of reports/alerts they are not auth...
CVE-2026-20256
Splunk Enterprise (versions < 10.2.4, 10.0.7, 9.4.12, 9.3.13) and Splunk Cloud Platform (versions
CVE-2026-20137
CVE-2026-20137 affects Splunk Enterprise (multiple legacy branches) and Splunk Cloud Platform. A low-privilege user lacking admin/power roles can bypass SPL safeguards for risky commands when creating a Data Model containing an injected SPL query within an object, by exploiting a path traversal v...
CVE-2026-20144
CVE-2026-20144 affects Splunk Enterprise (and Cloud Platform variants) where a user with access to the _internal index on a Search Head Cluster could view SAML configurations (AQRs or Authentication extensions) in plain text in the conf.log. Affected are Splunk Enterprise versions below 10.2.0, 1...
CVE-2025-20370
Summary (CVE-2025-20370) : Splunk Enterprise releases older than 10.0.1 and certain 9.x versions, plus Splunk Cloud Platform releases below specific 9.3.24xx/9.2.24xx builds, are affected. A user with the high-privilege capability change_authentication can send multiple LDAP bind requests to an i...
CVE-2025-20385
CVE-2025-20385 affects Splunk Enterprise below 10.0.2, 9.4.6, 9.3.8, 9.2.10 and Splunk Cloud Platform below 10.1.2507.6, 10.0.2503.7, 9.3.2411.117. A high-privilege user (admin_all_objects) can craft a malicious payload via the href attribute of an anchor tag in a navigation bar collection, resul...
CVE-2025-20389
CVE-2025-20389 affects Splunk Enterprise and the Splunk Secure Gateway app. A low-privilege user (not admin/power) can craft a malicious payload via the label column after adding a new device in Splunk Secure Gateway, potentially causing a client-side DoS. Affected versions: Splunk Enterprise <...