cbcvebase.
CVE-2026-20163
published 2026-03-11

CVE-2026-20163: In Splunk Enterprise versions below 10.2.0, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.5, 10.0.2503.12, 10.1.2507.16, and…

PriorityP350high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
EPSS
0.46%
36.7th percentile
In Splunk Enterprise versions below 10.2.0, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.5, 10.0.2503.12, 10.1.2507.16, and 9.3.2411.124, a user who holds a role that contains the high-privilege capability `edit_cmd` could execute arbitrary shell commands using the `unarchive_cmd` parameter for the `/splunkd/__upload/indexing/preview` REST endpoint.

Affected

10 ranges
VendorProductVersion rangeFixed in
splunksplunk>= 10.0.0 < 10.0.410.0.4
splunksplunk>= 9.3.0 < 9.3.109.3.10
splunksplunk>= 9.4.0 < 9.4.99.4.9
splunksplunk_cloud_platform>= 10.0.2503 < 10.0.2503.1210.0.2503.12
splunksplunk_cloud_platform>= 10.1.2507 < 10.1.2507.1610.1.2507.16
splunksplunk_cloud_platform>= 10.2.2510 < 10.2.2510.510.2.2510.5
splunksplunk_cloud_platform>= 9.3.2411 < 9.3.2411.1249.3.2411.124
splunksplunk_enterprise>= 10.0 < 10.0.410.0.4
splunksplunk_enterprise>= 9.3 < 9.3.109.3.10
splunksplunk_enterprise>= 9.4 < 9.4.99.4.9
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.