CVE-2026-20142

CWE-532 — Log File Information Exposure4 documents4 sources

Severity

4.9MEDIUM

EPSS

0.1%

top 80.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Splunk Splunk Enterprise Splunk Splunk

Timeline

PublishedFeb 18

Description

In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.9, and 9.2.11, a user of a Splunk Search Head Cluster (SHC) deployment who holds a role with access to the Splunk `_internal` index could view the RSA `accessKey` value from the [Authentication.conf ](https://help.splunk.com/en/splunk-enterprise/administer/admin-manual/10.2/configuration-file-reference/10.2.0-configuration-file-reference/authentication.conf)file, in plain text.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.9 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5splunk/splunk_enterprise10.0 — 10.0.2+3

▶NVDsplunk/splunk9.2.0 — 9.2.11+3

🔴Vulnerability Details

GHSA

GHSA-rq7m-qrq2-mrg5: In Splunk Enterprise versions below 10↗2026-02-18

▶

CVEList

Sensitive Information Disclosure in "_internal" index in Splunk Enterprise↗2026-02-18

▶

🕵️Threat Intelligence

Wiz

CVE-2026-20142 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶