CVE-2026-20144

Severity
4.9 MEDIUM
EPSS
0.1%
top 80.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Feb 18

Description

In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.8, and 9.2.11, and Splunk Cloud Platform versions below 10.2.2510.0, 10.1.2507.11, 10.0.2503.9, and 9.3.2411.120, a user of a Splunk Search Head Cluster (SHC) deployment who holds a role with access to the Splunk _internal index could view the Security Assertion Markup Language (SAML) configurations for Attribute query requests (AQRs) or Authentication extensions in plain text within the conf.log file, depending on which feature

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.9 | Impact: 5.9

Affected Packages
4 packages

CVEListV5 | splunk/splunk_cloud_platform | 10.1.2507 | 10.1.2507.11 | +2
NVD | splunk/splunk_cloud_platform | 9.3.2411 | 9.3.2411.120 | +2
CVEListV5 | splunk/splunk_enterprise | 10.0 | 10.0.2 | +3
NVD | splunk/splunk | 9.2.0 | 9.2.11 | +3

🔴 Vulnerability Details

2
CVEList
Sensitive Information Disclosure in '_internal' index in Splunk Enterprise | 2026-02-18
GHSA
GHSA-f5pv-9whq-7mv7: In Splunk Enterprise versions below 10 | 2026-02-18

🕵️ Threat Intelligence

1
Wiz
CVE-2026-20144 Impact, Exploitability, and Mitigation Steps | Wiz