CVE-2026-20139
published 2026-02-18


Priority: P4
CVSS 3.1 base score: 4.3 (medium)
CVSS 3.1 vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
EPSS: 5.15% (91.4th percentile)
In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.8, 9.3.9, and 9.2.12, and Splunk Cloud Platform versions below 10.2.2510.3, 10.1.2507.8, 10.0.2503.9, and 9.3.2411.121, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload into the `realname`, `tz`, or `email` parameters of the `/splunkd/__raw/services/authentication/users/username` REST API endpoint when they change a password. This could potentially lead to a client-side denial-of-service (DoS). The malicious payload might significantly slow page load times or render Splunk Web temporarily unresponsive.

Affected (12 ranges)

Vendor   Product                 Version range                  Fixed in
splunk   splunk                  >= 10.0.0 < 10.0.2             10.0.2
splunk   splunk                  >= 9.2.0 < 9.2.12              9.2.12
splunk   splunk                  >= 9.3.0 < 9.3.9               9.3.9
splunk   splunk                  >= 9.4.0 < 9.4.8               9.4.8
splunk   splunk_cloud_platform   >= 10.0.2503 < 10.0.2503.9     10.0.2503.9
splunk   splunk_cloud_platform   >= 10.1.2507 < 10.1.2507.8     10.1.2507.8
splunk   splunk_cloud_platform   >= 10.2.2510 < 10.2.2510.3     10.2.2510.3
splunk   splunk_cloud_platform   >= 9.3.2411 < 9.3.2411.121     9.3.2411.121
splunk   splunk_enterprise       >= 10.0 < 10.0.2               10.0.2
splunk   splunk_enterprise       >= 9.2 < 9.2.12                9.2.12
splunk   splunk_enterprise       >= 9.3 < 9.3.9                 9.3.9
splunk   splunk_enterprise       >= 9.4 < 9.4.8                 9.4.8