CVE-2026-20203 — Improper Access Control in Cloud Platform

CWE-284 — Improper Access Control4 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

0.0%

top 92.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Splunk Cloud Platform Splunk Enterprise

Timeline

PublishedApr 15

Description

In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.6, 10.2.2510.10, 10.1.2507.19, 10.0.2503.13, and 9.3.2411.127, a low-privileged user that does not hold the `admin` or `power` Splunk roles, has write permission on the app, and does not hold the high-privilege capability `accelerate_datamodel`, could turn on or off Data Model Acceleration due to improper access control.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5splunk/splunk_cloud_platform10.4.2603 — Not Affected+5

▶CVEListV5splunk/splunk_enterprise10.2 — 10.2.2+3

🔴Vulnerability Details

VulDB

Splunk Enterprise/Cloud Platform accelerate_datamodel access control (SVD-2026-0402)↗2026-04-15

▶

GHSA

GHSA-gpm4-vrgj-h7qc: In Splunk Enterprise versions below 10↗2026-04-15

▶

CVEList

Improper Access Control in Data Model Acceleration in Splunk Enterprise↗2026-04-15

▶