cbcvebase.
CVE-2026-20255
published 2026-06-10

CVE-2026-20255: In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and…

PriorityP334medium5.7CVSS 3.1
AVNACLPRLUIRSUCHINAN
EPSS
0.24%
15.5th percentile
In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious classic dashboard that exfiltrates sensitive data to an external server. The vulnerability exists because URL validation on the external content dialog is incomplete, which can allow for requests to untrusted domains when a user interacts with a crafted dashboard.

Affected

12 ranges
VendorProductVersion rangeFixed in
splunksplunk>= 10.0.0 < 10.0.710.0.7
splunksplunk>= 10.2.0 < 10.2.410.2.4
splunksplunk>= 9.3.0 < 9.3.139.3.13
splunksplunk>= 9.4.0 < 9.4.129.4.12
splunksplunk_cloud_platform>= 10.1.2507 < 10.1.2507.2310.1.2507.23
splunksplunk_cloud_platform>= 10.2.2510 < 10.2.2510.1510.2.2510.15
splunksplunk_cloud_platform>= 10.3.2512 < 10.3.2512.1310.3.2512.13
splunksplunk_cloud_platform>= 9.3.2411 < 9.3.2411.1329.3.2411.132
splunksplunk_enterprise>= 10.0 < 10.0.710.0.7
splunksplunk_enterprise>= 10.2 < 10.2.410.2.4
splunksplunk_enterprise>= 9.3 < 9.3.139.3.13
splunksplunk_enterprise>= 9.4 < 9.4.129.4.12
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.