CVE-2026-20163
Published 2026-03-11
Priority: P3 · 50 · high · 7.2 (CVSS 3.1)
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.46% (36.7th percentile)
In Splunk Enterprise versions below 10.2.0, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.5, 10.0.2503.12, 10.1.2507.16, and 9.3.2411.124, a user who holds a role that contains the high-privilege capability `edit_cmd` could execute arbitrary shell commands using the `unarchive_cmd` parameter for the `/splunkd/__upload/indexing/preview` REST endpoint.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| splunk | splunk | >= 10.0.0 < 10.0.4 | 10.0.4 |
| splunk | splunk | >= 9.3.0 < 9.3.10 | 9.3.10 |
| splunk | splunk | >= 9.4.0 < 9.4.9 | 9.4.9 |
| splunk | splunk_cloud_platform | >= 10.0.2503 < 10.0.2503.12 | 10.0.2503.12 |
| splunk | splunk_cloud_platform | >= 10.1.2507 < 10.1.2507.16 | 10.1.2507.16 |
| splunk | splunk_cloud_platform | >= 10.2.2510 < 10.2.2510.5 | 10.2.2510.5 |
| splunk | splunk_cloud_platform | >= 9.3.2411 < 9.3.2411.124 | 9.3.2411.124 |
| splunk | splunk_enterprise | >= 10.0 < 10.0.4 | 10.0.4 |
| splunk | splunk_enterprise | >= 9.3 < 9.3.10 | 9.3.10 |
| splunk | splunk_enterprise | >= 9.4 < 9.4.9 | 9.4.9 |
No detection rules found.
No public exploits indexed.
Wiz
blogs_wiz·CVSS 6.3
CVE-2026-20166 [MEDIUM] CVE-2026-20166 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-20166: Splunk Enterprise vulnerability analysis and mitigation
In Splunk Enterprise versions below 10.2.1 and 10.0.4, and Splunk Cloud Platform versions below 10.2.2510.5, 10.1.2507.16, and 10.0.2503.12, a low-privileged user that does not hold the "admin" or "power" Splunk roles could retrieve the Observability Cloud API access token through the Discover Splunk Observability Cloud app due to improper access control.
This vulnerability does not affect Splunk Enterprise versions below 9.4.9 and 9.3.10 because the Discover Splunk Observability Cloud app does not come with Splunk Enterprise.
Source : NVD
## 5.4
Score
Published March 11, 2026
Severity MEDIUM
CNA Score 5.4
Affected Technologies
Splunk Enterprise
Has Public Exploit No
Has CISA KEV Exploit No
Wiz
blogs_wiz·CVSS 6.3
CVE-2026-20162 [MEDIUM] CVE-2026-20162 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-20162: Splunk Enterprise vulnerability analysis and mitigation
/manager/launcher/data/ui/views/_new
The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The authenticated user should not be able to exploit the vulnerability at will.
Source : NVD
## 6.3
Score
Published March 11, 2026
Severity MEDIUM
CNA Score 6.3
Affected Technologies
Splunk Enterprise
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 11.6
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:splunk:splunk
cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*
Sources
Linux Severity MEDIUM Has Fix Added at: Mar 19
Wiz
blogs_wiz·CVSS 3.5
CVE-2026-20137 [LOW] CVE-2026-20137 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-20137: Splunk Enterprise vulnerability analysis and mitigation
In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.5, 9.3.7, and 9.2.9, and Splunk Cloud Platform versions below 10.1.2507.0, 10.0.2503.9, 9.3.2411.112, and 9.3.2408.122, a low-privileged user who does not hold the "admin" or "power" Splunk roles could bypass the SPL safeguards for risky commands when they create a Data Model that contains an injected SPL query within an object. They can bypass the safeguards by exploiting a path traversal vulnerability.
Source : NVD
## 5.7
Score
Published February 18, 2026
Severity MEDIUM
CNA Score 3.5
Affected Technologies
Splunk Enterprise
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Wiz
blogs_wiz·CVSS 4.3
CVE-2026-20139 [MEDIUM] CVE-2026-20139 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-20139: Splunk Enterprise vulnerability analysis and mitigation
realname
tz
email
/splunkd/__raw/services/authentication/users/username
Source : NVD
## 4.3
Score
Published February 18, 2026
Severity MEDIUM
CNA Score 4.3
Affected Technologies
Splunk Enterprise
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 18.5
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
cpe:2.3:a:splunk:splunk
cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*
Sources
Linux Severity MEDIUM Has Fix Added at: Feb 19, 2026
Windows Severity MEDIUM Has Fix Added at: Feb 19, 2026
Linux Severity MEDIUM Has Fix Added at: Feb 24, 2026
Windows Severity MEDIUM Has Fix Added at: Feb 2
Wiz
blogs_wiz·CVSS 6.8
CVE-2026-20144 [MEDIUM] CVE-2026-20144 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-20144: Splunk Enterprise vulnerability analysis and mitigation
In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.8, and 9.2.11, and Splunk Cloud Platform versions below 10.2.2510.0, 10.1.2507.11, 10.0.2503.9, and 9.3.2411.120, a user of a Splunk Search Head Cluster (SHC) deployment who holds a role with access to the Splunk _internal index could view the Security Assertion Markup Language (SAML) configurations for Attribute query requests (AQRs) or Authentication extensions in plain text within the conf.log file, depending on which feature is configured.
Source : NVD
## 4.9
Score
Published February 18, 2026
Severity MEDIUM
CNA Score 6.8
Affected Technologies
Splunk Enterprise
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/
Wiz
blogs_wiz·CVSS 4.3
CVE-2026-20141 [MEDIUM] CVE-2026-20141 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-20141: Splunk Enterprise vulnerability analysis and mitigation
In Splunk Enterprise versions below 10.0.2, 10.0.3, 9.4.8, and 9.3.9, a low-privileged user who does not hold the "admin" Splunk role could access the Splunk Monitoring Console App endpoints due to an improper access control. This could lead to a sensitive information disclosure.
The Monitoring Console app is a bundled app that comes with Splunk Enterprise. It is not available for download on SplunkBase, and is not installed on Splunk Cloud Platform instances. This vulnerability does not affect Cloud Monitoring Console.
Source : NVD
## 6.5
Score
Published February 18, 2026
Severity MEDIUM
CNA Score 4.3
Affected Technologies
Splunk Enterprise
Has Public Exploit No
Has CISA KEV Exploit No
Wiz
blogs_wiz·CVSS 6.3
CVE-2026-20165 [MEDIUM] CVE-2026-20165 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-20165: Splunk Enterprise vulnerability analysis and mitigation
In Splunk Enterprise versions below 10.2.1, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.7, 10.1.2507.17, 10.0.2503.12, and 9.3.2411.124, a low-privileged user that does not hold the "admin" or "power" Splunk roles could retrieve sensitive information by inspecting the job's search log due to improper access control in the MongoClient logging channel.
Source : NVD
## 6.5
Score
Published March 11, 2026
Severity MEDIUM
CNA Score 6.3
Affected Technologies
Splunk Enterprise
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 10.1
Exploitation Probability (EPSS) N/A
Wiz
blogs_wiz·CVSS 6.3
CVE-2026-20164 [MEDIUM] CVE-2026-20164 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-20164: Splunk Enterprise vulnerability analysis and mitigation
/splunkd/__raw/servicesNS/-/-/configs/conf-passwords
Source : NVD
## 6.5
Score
Published March 11, 2026
Severity MEDIUM
CNA Score 6.5
Affected Technologies
Splunk Enterprise
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 10.6
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:splunk:splunk
cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*
Sources
Linux Severity MEDIUM Has Fix Added at: Mar 19, 2026
Windows Severity MEDIUM Has Fix Added at: Mar 19, 2026
Linux Severity MEDIUM Has Fix Added at: Mar 26, 2026
Windows Severity MEDIUM Has Fix Added at: Mar 26, 2026
Wiz
blogs_wiz·CVSS 6.8
CVE-2026-20142 [MEDIUM] CVE-2026-20142 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-20142: Splunk Enterprise vulnerability analysis and mitigation
_internal
accessKey
Source : NVD
## 4.9
Score
Published February 18, 2026
Severity MEDIUM
CNA Score 6.8
Affected Technologies
Splunk Enterprise
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 19.1
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
cpe:2.3:a:splunk:splunk
cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*
Sources
Linux Severity MEDIUM Has Fix Added at: Feb 19, 2026
Windows Severity MEDIUM Has Fix Added at: Feb 19, 2026
Linux Severity MEDIUM Has Fix Added at: Feb 24, 2026
Windows Severity MEDIUM Has Fix Added at: Feb 24, 2026
Wiz
blogs_wiz·CVSS 6.8
CVE-2026-20138 [MEDIUM] CVE-2026-20138 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-20138: Splunk Enterprise vulnerability analysis and mitigation
_internal
integrationKey
secretKey
appSecretKey
Source : NVD
## 4.9
Score
Published February 18, 2026
Severity MEDIUM
CNA Score 6.8
Affected Technologies
Splunk Enterprise
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 19.1
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
cpe:2.3:a:splunk:splunk
cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*
Sources
Linux Severity MEDIUM Has Fix Added at: Feb 19, 2026
Windows Severity MEDIUM Has Fix Added at: Feb 19, 2026
Linux Severity MEDIUM Has Fix Added at: Feb 24, 2026
Windows Severity MEDIUM Has Fix Added at: Feb 24, 2026
Wiz
blogs_wiz·CVSS 6.3
CVE-2026-20163 [MEDIUM] CVE-2026-20163 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-20163: Splunk Enterprise vulnerability analysis and mitigation
edit_cmd
unarchive_cmd
/splunkd/__upload/indexing/preview
Source : NVD
## 7.2
Score
Published March 11, 2026
Severity HIGH
CNA Score 7.2
Affected Technologies
Splunk Enterprise
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 22.7
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
cpe:2.3:a:splunk:splunk
cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*
Sources
Linux Severity HIGH Has Fix Added at: Mar 19, 2026
Windows Severity HIGH Has Fix Added at: Mar 19, 2026
Linux Severity HIGH Has Fix Added at: Mar 26, 2026
Windows Severity HIGH Has Fix Added at: Mar 26, 2026
Wiz
blogs_wiz·CVSS 6.3
CVE-2026-20143 [MEDIUM] CVE-2026-20143 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-20143: Splunk Enterprise vulnerability analysis and mitigation
In Splunk Enterprise for Windows versions below 10.2.0, 10.0.3, 9.4.8, and 9.3.9, a low‑privileged Windows user that can create a directory on the system drive where Splunk Enterprise is installed can write a malicious Python script into that directory. This could result in a Local Privilege Escalation (LPE) and a Denial of Service (DoS), as the malicious Python script might run with system level privileges when the Splunk Enterprise instance restarts.
Source : NVD
Published February 18, 2026
Severity HIGH
CNA Score N/A
Affected Technologies
Splunk Enterprise
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) N/A