splunk

284 tracked vulnerabilities.

CVE-2026-20266 CRITICAL
OS Command Injection in the btool Configuration Helper in Splunk AI Toolkit
Jun 17, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-20265 MEDIUM
Insecure Default Domain Allowlist in Splunk AI Toolkit
Jun 17, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-20260 MEDIUM
Log Injection through HTTP Request Paths in Splunk SOAR
Jun 10, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-20259 MEDIUM
Improper Access Control in Splunk Enterprise
Jun 10, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-20258 HIGH
Stored Cross-Site Scripting (XSS) through Classic Dashboard in Splunk Enterprise
Jun 10, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-20257 MEDIUM
Improper Input Validation through Classic Dashboard CSS in Splunk Enterprise
Jun 10, 2026
CVSS 5.7
EPSS 0.00
CVE-2026-20256 MEDIUM
Improper Input Validation through Protocol-Relative URL in Classic Dashboards in Splunk Enterprise
Jun 10, 2026
CVSS 5.7
EPSS 0.00
CVE-2026-20255 MEDIUM
Improper Input Validation through Classic Dashboards in Splunk Enterprise
Jun 10, 2026
CVSS 5.7
EPSS 0.00
CVE-2026-20254 MEDIUM
Information Disclosure through External Content Restriction Bypass in Splunk Enterprise
Jun 10, 2026
CVSS 5.7
EPSS 0.00
CVE-2026-20253 CRITICAL KEVNUCLEI
Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk Enterprise
Jun 10, 2026
CVSS 9.8
EPSS 0.88
CVE-2026-20252 HIGH
Server-Side Request Forgery (SSRF) through Dashboard Studio PDF Export in Splunk Enterprise
Jun 10, 2026
CVSS 7.6
EPSS 0.00
CVE-2026-20251 HIGH
Remote Code Execution through Deserialization of Untrusted Data in Splunk Secure Gateway
Jun 10, 2026
CVSS 8.8
EPSS 0.01
CVE-2026-20240 MEDIUM
Denial of Service through coldToFrozen.sh Script in Splunk Enterprise
May 20, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-20239 HIGH
Sensitive Information Disclosure through Log Files in Splunk Enterprise
May 20, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-20238 MEDIUM
Improper Access Control through Role Inheritance in Splunk AI Toolkit app
May 20, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-20205 HIGH
Sensitive Information Disclosure in ''_internal'' index in Splunk MCP Server app
Apr 15, 2026
CVSS 7.2
EPSS 0.00
CVE-2026-20204 HIGH
Improper Handling and Insufficient Isolation of Specific Temporary Files in Splunk Enterprise
Apr 15, 2026
CVSS 7.1
EPSS 0.03
CVE-2026-20203 MEDIUM
Improper Access Control in Data Model Acceleration in Splunk Enterprise
Apr 15, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-20202 MEDIUM
Improper Input Validation during User Account Creation in Splunk Enterprise
Apr 15, 2026
CVSS 6.6
EPSS 0.00
CVE-2026-20166 MEDIUM
Splunk Enterprise <10.2.1 - Info Disclosure
Mar 11, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-20165 MEDIUM
Splunk Enterprise/Cloud - Info Disclosure
Mar 11, 2026
CVSS 6.3
EPSS 0.00
CVE-2026-20164 MEDIUM
Splunk Enterprise <10.2.0 - Info Disclosure
Mar 11, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-20163 HIGH
Splunk Enterprise <10.2.0 - Command Injection
Mar 11, 2026
CVSS 7.2
EPSS 0.00
CVE-2026-20162 MEDIUM
Splunk Enterprise <10.2.0 - Stored XSS
Mar 11, 2026
CVSS 6.3
EPSS 0.00
CVE-2026-20144 MEDIUM
Splunk Enterprise <10.2.0 - Info Disclosure
Feb 18, 2026
CVSS 6.8
EPSS 0.00