CVE-2026-20165
published 2026-03-11

Priority: P3 · 37 · medium · 6.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.17% (6.2th percentile)

In Splunk Enterprise versions below 10.2.1, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.7, 10.1.2507.17, 10.0.2503.12, and 9.3.2411.124, a low-privileged user that does not hold the "admin" or "power" Splunk roles could retrieve sensitive information by inspecting the job's search log due to improper access control in the MongoClient logging channel.

Affected

12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| splunk | splunk | | |
| splunk | splunk | >= 10.0.0 < 10.0.4 | 10.0.4 |
| splunk | splunk | >= 9.3.0 < 9.3.10 | 9.3.10 |
| splunk | splunk | >= 9.4.0 < 9.4.9 | 9.4.9 |
| splunk | splunk_cloud_platform | >= 10.0.2503 < 10.0.2503.12 | 10.0.2503.12 |
| splunk | splunk_cloud_platform | >= 10.1.2507 < 10.1.2507.17 | 10.1.2507.17 |
| splunk | splunk_cloud_platform | >= 10.2.2510 < 10.2.2510.7 | 10.2.2510.7 |
| splunk | splunk_cloud_platform | >= 9.3.2411 < 9.3.2411.124 | 9.3.2411.124 |
| splunk | splunk_enterprise | >= 10.0 < 10.0.4 | 10.0.4 |
| splunk | splunk_enterprise | >= 10.2 < 10.2.1 | 10.2.1 |
| splunk | splunk_enterprise | >= 9.3 < 9.3.10 | 9.3.10 |
| splunk | splunk_enterprise | >= 9.4 < 9.4.9 | 9.4.9 |