CVE-2026-20239

Summary

In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13, a user with a role that has access to the _internal index could view session cookies and response bodies that contain sensitive data.

Affected Software

VendorProductVersion RangeStatus
SplunkSplunk Enterprise10.2 < 10.2.2affected
SplunkSplunk Enterprise10.0 < 10.0.5affected
SplunkSplunk Cloud Platform10.3.2512 < 10.3.2512.8affected
SplunkSplunk Cloud Platform10.2.2510 < 10.2.2510.11affected
SplunkSplunk Cloud Platform10.1.2507 < 10.1.2507.21affected
SplunkSplunk Cloud Platform10.0.2503 < 10.0.2503.13affected

Weaknesses

  • CWE-532: Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References