CVE-2026-20252
published 2026-06-10CVE-2026-20252: In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.4.2604.3, 10.3.2512.12, 10.2.2510.14…
PriorityP350high7.6CVSS 3.1
AVNACLPRLUINSUCHILAL
EPSS
0.26%
16.8th percentile
In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.4.2604.3, 10.3.2512.12, 10.2.2510.14, 10.1.2507.22, and 9.3.2411.132, a low-privileged user that does not hold the "admin" or "power" Splunk roles could send server-side requests to arbitrary internal destinations through the Dashboard Studio PDF export feature.
The vulnerability exists because the trusted-domain validation uses a prefix match that can be bypassed with attacker-controlled subdomains (for example, docs.splunk.com.evil.com), and because the PDF export service follows HTTP redirects automatically without re-validating each redirect target against the allowlist.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| splunk | splunk | >= 10.0.0 < 10.0.7 | 10.0.7 |
| splunk | splunk | >= 10.2.0 < 10.2.4 | 10.2.4 |
| splunk | splunk | >= 9.3.0 < 9.3.13 | 9.3.13 |
| splunk | splunk | >= 9.4.0 < 9.4.12 | 9.4.12 |
| splunk | splunk_cloud_platform | >= 10.1.2507 < 10.1.2507.22 | 10.1.2507.22 |
| splunk | splunk_cloud_platform | >= 10.2.2510 < 10.2.2510.14 | 10.2.2510.14 |
| splunk | splunk_cloud_platform | >= 10.3.2512 < 10.3.2512.12 | 10.3.2512.12 |
| splunk | splunk_cloud_platform | >= 10.4.2604 < 10.4.2604.3 | 10.4.2604.3 |
| splunk | splunk_cloud_platform | >= 9.3.2411 < 9.3.2411.132 | 9.3.2411.132 |
| splunk | splunk_enterprise | >= 10.0 < 10.0.7 | 10.0.7 |
| splunk | splunk_enterprise | >= 10.2 < 10.2.4 | 10.2.4 |
| splunk | splunk_enterprise | >= 9.3 < 9.3.13 | 9.3.13 |
| splunk | splunk_enterprise | >= 9.4 < 9.4.12 | 9.4.12 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.4.2604.3, 10.3.2512.12, 10.2.2510.14, 10.1.2507.22, and 9.3.2411.132, a low-privileg
ghsa_unreviewed·2026-06-10
CVE-2026-20252 [HIGH] CWE-918 In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.4.2604.3, 10.3.2512.12, 10.2.2510.14, 10.1.2507.22, and 9.3.2411.132, a low-privileg
In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.4.2604.3, 10.3.2512.12, 10.2.2510.14, 10.1.2507.22, and 9.3.2411.132, a low-privileged user that does not hold the "admin" or "power" Splunk roles could send server-side requests to arbitrary internal destinations through the Dashboard Studio PDF export feature.
The vulnerability exists because the trusted-domain validation uses a prefix match that can be bypassed with attacker-controlled subdomains (for example, docs.splunk.com.evil.com), and because the PDF export service follows HTTP redirects automatically without re-validating each redirect target against the allowlist.
VulDB
Splunk Enterprise/Cloud Platform Dashboard Studio PDF Export server-side request forgery (SVD-2026-0602)
vuldb·2026-06-10·CVSS 7.6
CVE-2026-20252 [HIGH] Splunk Enterprise/Cloud Platform Dashboard Studio PDF Export server-side request forgery (SVD-2026-0602)
A vulnerability has been found in Splunk Enterprise and Cloud Platform and classified as critical. This vulnerability affects unknown code of the component Dashboard Studio PDF Export. This manipulation causes server-side request forgery.
The identification of this vulnerability is CVE-2026-20252. It is possible to initiate the attack remotely. There is no exploit available.
The affected component should be upgraded.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-06-10
Published