CVE-2026-20162
published 2026-03-11


Priority: P3 (36)
Severity: medium
CVSS 3.1 base score: 6.3
CVSS 3.1 vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N
EPSS: 0.20% (10.1th percentile)
In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.9, and 9.3.9, and Splunk Cloud Platform versions below 10.2.2510.4, 10.1.2507.15, 10.0.2503.11, and 9.3.2411.123, a low-privileged user who does not hold the "admin" or "power" Splunk roles could craft a malicious payload when creating a View (Settings - User Interface - Views) at the `/manager/launcher/data/ui/views/_new` endpoint, leading to a Stored Cross-Site Scripting (XSS) through a path traversal vulnerability. This could result in execution of unauthorized JavaScript code in the browser of a user. The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The authenticated user should not be able to exploit the vulnerability at will.

Affected

10 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| splunk | splunk | >= 10.0.0 < 10.0.3 | 10.0.3 |
| splunk | splunk | >= 9.3.0 < 9.3.9 | 9.3.9 |
| splunk | splunk | >= 9.4.0 < 9.4.9 | 9.4.9 |
| splunk | splunk_cloud_platform | >= 10.0.2503 < 10.0.2503.11 | 10.0.2503.11 |
| splunk | splunk_cloud_platform | >= 10.1.2507 < 10.1.2507.15 | 10.1.2507.15 |
| splunk | splunk_cloud_platform | >= 10.2.2510 < 10.2.2510.4 | 10.2.2510.4 |
| splunk | splunk_cloud_platform | >= 9.3.2411 < 9.3.2411.123 | 9.3.2411.123 |
| splunk | splunk_enterprise | >= 10.0 < 10.0.3 | 10.0.3 |
| splunk | splunk_enterprise | >= 9.3 < 9.3.9 | 9.3.9 |
| splunk | splunk_enterprise | >= 9.4 < 9.4.9 | 9.4.9 |