CVE-2026-20259
published 2026-06-10CVE-2026-20259: In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.0, 10.3.2512.12, 10.2.2510.15, 10.1.2507.23…
PriorityP433medium5.5CVSS 3.1
AVNACLPRHUINSUCHILAN
EPSS
0.19%
8.7th percentile
In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.0, 10.3.2512.12, 10.2.2510.15, 10.1.2507.23, 10.0.2503.14, and 9.3.2411.131, a user who holds a Splunk role that contains the high-privilege capability `edit_saved_search_owner` could reassign saved search ownership to users outside their authorized scope. The ownership reassignment endpoint lacks access control.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| splunk | splunk | >= 10.0.0 < 10.0.7 | 10.0.7 |
| splunk | splunk | >= 10.2.0 < 10.2.4 | 10.2.4 |
| splunk | splunk_cloud_platform | >= 10.0.2503 < 10.0.2503.14 | 10.0.2503.14 |
| splunk | splunk_cloud_platform | >= 10.1.2507 < 10.1.2507.23 | 10.1.2507.23 |
| splunk | splunk_cloud_platform | >= 10.2.2510 < 10.2.2510.15 | 10.2.2510.15 |
| splunk | splunk_cloud_platform | >= 10.3.2512 < 10.3.2512.12 | 10.3.2512.12 |
| splunk | splunk_cloud_platform | >= 9.3.2411 < 9.3.2411.131 | 9.3.2411.131 |
| splunk | splunk_enterprise | >= 10.0 < 10.0.7 | 10.0.7 |
| splunk | splunk_enterprise | >= 10.2 < 10.2.4 | 10.2.4 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.0, 10.3.2512.12, 10.2.2510.15, 10.1.2507.23, 10.0.2503.14, and 9.3.2411.131, a user who holds
ghsa_unreviewed·2026-06-10
CVE-2026-20259 [MEDIUM] CWE-284 In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.0, 10.3.2512.12, 10.2.2510.15, 10.1.2507.23, 10.0.2503.14, and 9.3.2411.131, a user who holds
In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.0, 10.3.2512.12, 10.2.2510.15, 10.1.2507.23, 10.0.2503.14, and 9.3.2411.131, a user who holds a Splunk role that contains the high-privilege capability `edit_saved_search_owner` could reassign saved search ownership to users outside their authorized scope. The ownership reassignment endpoint lacks access control.
VulDB
Splunk Enterprise/Cloud Platform Ownership Reassignment Endpoint access control (SVD-2026-0609)
vuldb·2026-06-10·CVSS 5.5
CVE-2026-20259 [MEDIUM] Splunk Enterprise/Cloud Platform Ownership Reassignment Endpoint access control (SVD-2026-0609)
A vulnerability classified as critical was found in Splunk Enterprise and Cloud Platform. This vulnerability affects unknown code of the component Ownership Reassignment Endpoint. The manipulation results in improper access controls.
This vulnerability is known as CVE-2026-20259. It is possible to launch the attack remotely. No exploit is available.
Upgrading the affected component is advised.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-06-10
Published