CVE-2026-20138

CWE-532 — Log File Information Exposure4 documents4 sources

Severity

4.9MEDIUM

EPSS

0.1%

top 80.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Splunk Splunk Enterprise Splunk Splunk

Timeline

PublishedFeb 18

Description

In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.9, and 9.2.11, a user of a Splunk Search Head Cluster (SHC) deployment who holds a role with access to the Splunk `_internal` index could view the `integrationKey`, `secretKey`, and `appSecretKey` secrets, generated by [Duo Two-Factor Authentication for Splunk Enterprise](https://duo.com/docs/splunk), in plain text.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.9 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5splunk/splunk_enterprise10.0 — 10.0.2+3

▶NVDsplunk/splunk9.2.0 — 9.2.11+3

🔴Vulnerability Details

GHSA

GHSA-v8wf-h34r-55f7: In Splunk Enterprise versions below 10↗2026-02-18

▶

CVEList

Sensitive Information Disclosure in "_internal" index in Splunk Enterprise↗2026-02-18

▶

🕵️Threat Intelligence

Wiz

CVE-2026-20138 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶