Splunk vulnerabilities
201 known vulnerabilities affecting splunk/splunk.
Total CVEs: 201
CISA KEV: 2 (actively exploited)
Public exploits: 13
Exploited in wild: 4
Severity breakdown: CRITICAL 9, HIGH 56, MEDIUM 126, LOW 10
Vulnerabilities
Page 1 of 11
CVE-2026-20253 | P1 | CRITICAL | CVSS 9.8 | CWE-306 | KEV | PoC | ≥ 10.0.0, < 10.0.7; ≥ 10.2.0, < 10.2.4 | 2026-06-10
In Splunk Enterprise 10.2 versions below 10.2.4 and 10 versions below 10.0.7, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls, allowing any network-reachable user to invoke file oper
nvd
CVE-2014-0160 | P1 | HIGH | CVSS 7.5 | CWE-125 | KEV | PoC | ≥ 6.0.0, < 6.0.3 | 2014-04-07
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed b
nvd
CVE-2018-11409 | P2 | MEDIUM | CVSS 5.3 | CWE-200 | Exploited | PoC | ≤ 7.0.1 | 2018-06-08
Splunk through 7.0.1 allows information disclosure by appending __raw/services/server/info/server-info?output_mode=json to a query, as demonstrated by discovering a license key.
nvd
CVE-2024-36991 | P1 | HIGH | CVSS 7.5 | CWE-35 | Exploited | PoC | ≥ 9.0.0, < 9.0.10; ≥ 9.1.0, < 9.1.5; +1 more | 2024-07-01
In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Windows.
nvd
CVE-2023-46214 | P1 | HIGH | CVSS 8.8 | CWE-91 | PoC | ≥ 9.0.0, < 9.0.7; ≥ 9.1.0, < 9.1.2 | 2023-11-16
In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize extensible stylesheet language transformations (XSLT) that users supply. This means that an attacker can upload malicious XSLT which can result in remote code execution on the Splunk Enterprise instance.
nvd
CVE-2023-32707 | P2 | HIGH | CVSS 8.8 | CWE-285 | PoC | ≥ 8.1.0, < 8.1.14; ≥ 8.2.0, < 8.2.11; +1 more | 2023-06-01
In versions of Splunk Enterprise below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform below version 9.0.2303.100, a low-privileged user who holds a role that has the ‘edit_user’ capability assigned to it can escalate their privileges to that of the admin user by providing specially crafted web requests.
nvd
CVE-2022-43571 | P2 | HIGH | CVSS 8.8 | CWE-94 | PoC | ≥ 8.1.0, < 8.1.12; ≥ 8.2.0, < 8.2.9; +1 more | 2022-11-03
In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can execute arbitrary code through the dashboard PDF generation component.
nvd
CVE-2024-36985 | P2 | HIGH | CVSS 8.8 | CWE-687 | PoC | ≥ 9.0.0, < 9.0.10; ≥ 9.1.0, < 9.1.5; +1 more | 2024-07-01
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10, a low-privileged user that does not hold the admin or power Splunk roles could cause a Remote Code Execution through an external lookup that references the “splunk_archiver” application.
nvd
CVE-2011-4644 | P2 | CRITICAL | CVSS 9.3 | CWE-287 | PoC | ≤ 4.2.5; v2.1; +63 more | 2012-01-03
Splunk 4.2.5 and earlier, when a Free license is selected, enables potentially undesirable functionality within an environment that intentionally does not support authentication, which allows remote attackers to (1) read arbitrary files via a management-console session that leverages the ability to create crafted data sources, or (2) execute managem
nvd
CVE-2023-32714 | P2 | HIGH | CVSS 8.1 | CWE-35 | ≥ 8.1.0, < 8.1.14; ≥ 8.2.0, < 8.2.11; +1 more | 2023-06-01
In the Splunk App for Lookup File Editing versions below 4.0.1, a low-privileged user can, with a specially crafted web request, trigger a path traversal exploit that can then be used to read and write to restricted areas of the Splunk installation directory.
nvd
CVE-2011-4642 | P3 | MEDIUM | CVSS 4.6 | CWE-352 | PoC | v4.2; v4.2.1; +3 more | 2012-01-03
mappy.py in Splunk Web in Splunk 4.2.x before 4.2.5 does not properly restrict use of the mappy command to access Python classes, which allows remote authenticated administrators to execute arbitrary code by leveraging the sys module in a request to the search application, as demonstrated by a cross-site request forgery (CSRF) attack, aka SPL-45172.
nvd
CVE-2026-20251 | P2 | HIGH | CVSS 8.8 | CWE-502 | ≥ 9.3.0, < 9.3.13; ≥ 9.4.0, < 9.4.12; +2 more | 2026-06-10
In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, Splunk Cloud Platform versions below 10.3.2512.12, 10.2.2510.14, 10.1.2507.22, and 9.3.2411.132, and Splunk Secure Gateway versions below 3.10.6, 3.9.20, and 3.8.67, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could perform a Remote Code Execution
nvd
CVE-2025-20229 | P3 | HIGH | CVSS 8.0 | CWE-284 | ≥ 9.1.0, < 9.1.8; ≥ 9.2.0, < 9.2.5; +2 more | 2025-03-26
In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.104, 9.2.2406.108, 9.2.2403.114, and 9.1.2312.208, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a Remote Code Execution (RCE) through a file upload to the "$SPLUNK_HOME/var/run/splunk/apptemp" dire
nvd
CVE-2022-32158 | P2 | CRITICAL | CVSS 10.0 | CWE-284 | fixed in 9.0 | 2022-06-15
Splunk Enterprise deployment servers in versions before 8.1.10.1, 8.2.6.1, and 9.0 let clients deploy forwarder bundles to other deployment clients through the deployment server. An attacker that compromised a Universal Forwarder endpoint could use the vulnerability to execute arbitrary code on all other Universal Forwarder endpoints subscribed to
nvd
CVE-2016-10126 | P3 | CRITICAL | CVSS 9.8 | CWE-264 | v5.0.0; v5.0.1; +64 more | 2017-01-10
Splunk Web in Splunk Enterprise 5.0.x before 5.0.17, 6.0.x before 6.0.13, 6.1.x before 6.1.12, 6.2.x before 6.2.12, 6.3.x before 6.3.8, and 6.4.x before 6.4.4 allows remote attackers to conduct HTTP request injection attacks and obtain sensitive REST API authentication-token information via unspecified vectors, aka SPL-128840.
nvd
CVE-2024-45733 | P3 | HIGH | CVSS 8.8 | CWE-502 | ≥ 9.1.0, < 9.1.6; ≥ 9.2.0, < 9.2.3 | 2024-10-14
In Splunk Enterprise for Windows versions below 9.2.3 and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a Remote Code Execution (RCE) due to an insecure session storage configuration.
nvd
CVE-2024-36983 | P3 | HIGH | CVSS 8.8 | CWE-77 | ≥ 9.0.0, < 9.0.10; ≥ 9.1.0, < 9.1.5; +1 more | 2024-07-01
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an authenticated user could create an external lookup that calls a legacy internal function. The authenticated user could use this internal function to insert code into the Splunk platform installation directory. From the
nvd
CVE-2022-37437 | P3 | CRITICAL | CVSS 9.8 | CWE-295 | v9.0.0 | 2022-08-16
When using Ingest Actions to configure a destination that resides on Amazon Simple Storage Service (S3) in Splunk Web, TLS certificate validation is not correctly performed and tested for the destination. The vulnerability only affects connections between Splunk Enterprise and an Ingest Actions Destination through Splunk Web and only applies to en
nvd
CVE-2024-36984 | P3 | HIGH | CVSS 8.8 | CWE-502 | ≥ 9.0.0, < 9.0.10; ≥ 9.1.0, < 9.1.5; +1 more | 2024-07-01
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 on Windows, an authenticated user could execute a specially crafted query that they could then use to serialize untrusted data. The attacker could use the query to execute arbitrary code.
nvd
CVE-2022-43567 | P3 | HIGH | CVSS 8.8 | CWE-502 | ≥ 8.1.0, < 8.1.12; ≥ 8.2.0, < 8.2.9; +1 more | 2022-11-04
In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run arbitrary operating system commands remotely through the use of specially crafted requests to the mobile alerts feature in the Splunk Secure Gateway app.
nvd