CVE-2022-26070

MEDIUM

Splunk Enterprise <8.1.0 - Info Disclosure

Title source: llm
STIX 2.1

Description

When handling a mismatched pre-authentication cookie, the application leaks the internal error message in the response, which contains the Splunk Enterprise local system path. The vulnerability impacts Splunk Enterprise versions before 8.1.0.

References (1)

Core 1

Scores

CVSS v3 4.3
EPSS 0.0060
EPSS Percentile 44.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-200 CWE-209
Status published
Products (1)
splunk/splunk < 8.1.0
Published May 06, 2022
Tracked Since Feb 18, 2026