CVE-2026-20259
5.5
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N
Summary
In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.0, 10.3.2512.12, 10.2.2510.15, 10.1.2507.23, 10.0.2503.14, and 9.3.2411.131, a user who holds a Splunk role that contains the high-privilege capability edit_saved_search_owner could reassign saved search ownership to users outside their authorized scope. The ownership reassignment endpoint lacks access control.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Splunk | Splunk Enterprise | 10.2 < 10.2.4 | affected |
| Splunk | Splunk Enterprise | 10.0 < 10.0.7 | affected |
| Splunk | Splunk Cloud Platform | 10.3.2512 < 10.3.2512.12 | affected |
| Splunk | Splunk Cloud Platform | 10.2.2510 < 10.2.2510.15 | affected |
| Splunk | Splunk Cloud Platform | 10.1.2507 < 10.1.2507.23 | affected |
| Splunk | Splunk Cloud Platform | 10.0.2503 < 10.0.2503.14 | affected |
| Splunk | Splunk Cloud Platform | 9.3.2411 < 9.3.2411.131 | affected |
Weaknesses
- CWE-284: The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.