CVE-2026-20139

Severity: 4.3 MEDIUM
EPSS: 0.1% (top 81.49%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 18

Description

In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.8, 9.3.9, and 9.2.12, and Splunk Cloud Platform versions below 10.2.2510.3, 10.1.2507.8, 10.0.2503.9, and 9.3.2411.121, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload into the `realname`, `tz`, or `email` parameters of the `/splunkd/__raw/services/authentication/users/username` REST API endpoint when they change a password. This could potentially lead to a client‑side denial‑of‑s

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Exploitability: 2.8 | Impact: 1.4

Affected Packages (4 packages)

Source      Package                        Affected from   Fixed in        More
CVEListV5   splunk/splunk_cloud_platform   10.2.2510       10.2.2510.3     +3
NVD         splunk/splunk_cloud_platform   9.3.2411        9.3.2411.121    +3
CVEListV5   splunk/splunk_enterprise       10.0            10.0.2          +3
NVD         splunk/splunk                  9.2.0           9.2.12          +3

🔴 Vulnerability Details (2)

GHSA
GHSA-4vmx-r9fj-4cm5: In Splunk Enterprise versions below 10 (2026-02-18)
CVEList
Client-Side Denial of Service (DoS) through '/splunkd/__raw/services/authentication/users/username' REST API endpoint in Splunk Enterprise (2026-02-18)

🕵️ Threat Intelligence (1)

Wiz
CVE-2026-20139 Impact, Exploitability, and Mitigation Steps | Wiz