CVE-2026-20204Insecure Temporary File in Cloud Platform

CWE-377Insecure Temporary File4 documents4 sources
Severity
7.1HIGHNVD
EPSS
0.1%
top 67.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Splunk Cloud PlatformSplunk Enterprise
Timeline
PublishedApr 15

Description

In Splunk Enterprise versions below 10.2.1, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.5, 10.2.2510.9, 10.1.2507.19, 10.0.2503.13, and 9.3.2411.127, a low-privileged user that does not hold the `admin` or `power` Splunk roles could potentially perform a Remote Code Execution (RCE) by uploading a malicious file to the `$SPLUNK_HOME/var/run/splunk/apptemp` directory due to improper handling and insufficient isolation of temporary files within the `a

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

CVEListV5splunk/splunk_cloud_platform10.4.2603Not Affected+5
CVEListV5splunk/splunk_enterprise10.210.2.1+3

🔴Vulnerability Details

3
GHSA
GHSA-gj97-4w7h-79j2: In Splunk Enterprise versions below 102026-04-15
VulDB
Splunk Enterprise/Cloud Platform File apptemp temp file (SVD-2026-0403)2026-04-15
CVEList
Improper Handling and Insufficient Isolation of Specific Temporary Files in Splunk Enterprise2026-04-15