CVE-2026-20142

Summary

In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.9, and 9.2.11, a user of a Splunk Search Head Cluster (SHC) deployment who holds a role with access to the Splunk _internal index could view the RSA accessKey value from the <u>Authentication.conf</u> file, in plain text.

Affected Software

VendorProductVersion RangeStatus
SplunkSplunk Enterprise10.0 < 10.0.2affected
SplunkSplunk Enterprise9.4 < 9.4.7affected
SplunkSplunk Enterprise9.3 < 9.3.9affected
SplunkSplunk Enterprise9.2 < 9.2.11affected

Weaknesses

  • CWE-532: Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References