splunk
284 tracked vulnerabilities.
CVE-2026-20266
CRITICAL
OS Command Injection in the btool Configuration Helper in Splunk AI Toolkit
Jun 17, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-20265
MEDIUM
Insecure Default Domain Allowlist in Splunk AI Toolkit
Jun 17, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-20260
MEDIUM
Log Injection through HTTP Request Paths in Splunk SOAR
Jun 10, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-20259
MEDIUM
Improper Access Control in Splunk Enterprise
Jun 10, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-20258
HIGH
Stored Cross-Site Scripting (XSS) through Classic Dashboard in Splunk Enterprise
Jun 10, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-20257
MEDIUM
Improper Input Validation through Classic Dashboard CSS in Splunk Enterprise
Jun 10, 2026
CVSS 5.7
EPSS 0.00
CVE-2026-20256
MEDIUM
Improper Input Validation through Protocol-Relative URL in Classic Dashboards in Splunk Enterprise
Jun 10, 2026
CVSS 5.7
EPSS 0.00
CVE-2026-20255
MEDIUM
Improper Input Validation through Classic Dashboards in Splunk Enterprise
Jun 10, 2026
CVSS 5.7
EPSS 0.00
CVE-2026-20254
MEDIUM
Information Disclosure through External Content Restriction Bypass in Splunk Enterprise
Jun 10, 2026
CVSS 5.7
EPSS 0.00
CVE-2026-20253
CRITICAL
KEVNUCLEI
Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk Enterprise
Jun 10, 2026
CVSS 9.8
EPSS 0.88
CVE-2026-20252
HIGH
Server-Side Request Forgery (SSRF) through Dashboard Studio PDF Export in Splunk Enterprise
Jun 10, 2026
CVSS 7.6
EPSS 0.00
CVE-2026-20251
HIGH
Remote Code Execution through Deserialization of Untrusted Data in Splunk Secure Gateway
Jun 10, 2026
CVSS 8.8
EPSS 0.01
CVE-2026-20240
MEDIUM
Denial of Service through coldToFrozen.sh Script in Splunk Enterprise
May 20, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-20239
HIGH
Sensitive Information Disclosure through Log Files in Splunk Enterprise
May 20, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-20238
MEDIUM
Improper Access Control through Role Inheritance in Splunk AI Toolkit app
May 20, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-20205
HIGH
Sensitive Information Disclosure in ''_internal'' index in Splunk MCP Server app
Apr 15, 2026
CVSS 7.2
EPSS 0.00
CVE-2026-20204
HIGH
Improper Handling and Insufficient Isolation of Specific Temporary Files in Splunk Enterprise
Apr 15, 2026
CVSS 7.1
EPSS 0.03
CVE-2026-20203
MEDIUM
Improper Access Control in Data Model Acceleration in Splunk Enterprise
Apr 15, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-20202
MEDIUM
Improper Input Validation during User Account Creation in Splunk Enterprise
Apr 15, 2026
CVSS 6.6
EPSS 0.00
CVE-2026-20166
MEDIUM
Splunk Enterprise <10.2.1 - Info Disclosure
Mar 11, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-20165
MEDIUM
Splunk Enterprise/Cloud - Info Disclosure
Mar 11, 2026
CVSS 6.3
EPSS 0.00
CVE-2026-20164
MEDIUM
Splunk Enterprise <10.2.0 - Info Disclosure
Mar 11, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-20163
HIGH
Splunk Enterprise <10.2.0 - Command Injection
Mar 11, 2026
CVSS 7.2
EPSS 0.00
CVE-2026-20162
MEDIUM
Splunk Enterprise <10.2.0 - Stored XSS
Mar 11, 2026
CVSS 6.3
EPSS 0.00
CVE-2026-20144
MEDIUM
Splunk Enterprise <10.2.0 - Info Disclosure
Feb 18, 2026
CVSS 6.8
EPSS 0.00
Products
splunk 201
splunk_cloud_platform 106
universal_forwarder 61
Splunk Enterprise 16
Splunk Cloud Platform 14
cloud 9
splunk_secure_gateway 5
Splunk AI Toolkit 3
Splunk Secure Gateway 3
add-on_builder 3
ai_toolkit 3
splunk_app_for_lookup_file_editing 3
Splunk MCP Server 2
enterprise_security 2
Splunk Add-on for Palo Alto Networks 1
Splunk App for SOAR 1
Splunk SOAR 1
Splunk Supporting Add-on for Active Directory 1
cloudconnect_software_development_kit 1
hadoop_connect 1
it_service_intelligence 1
nozzle 1
soar 1
software_development_kit 1
splunk_app_for_stream 1
Quick Filters