CVE-2026-20239

HIGH

Sensitive Information Disclosure through Log Files in Splunk Enterprise

Title source: cna

Description

In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13, a user with a role that has access to the `_internal` index could view session cookies and response bodies that contain sensitive data.

References (1)

Core 1

Core References

https://advisory.splunk.com/advisories/SVD-2026-0503

Scores

CVSS v3 7.5

EPSS 0.0001

EPSS Percentile 1.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-532

Status published

Products (8)

splunk/splunk 10.0.0 - 10.0.5

Splunk/Splunk Cloud Platform 10.0.2503 - 10.0.2503.13

Splunk/Splunk Cloud Platform 10.1.2507 - 10.1.2507.21

Splunk/Splunk Cloud Platform 10.2.2510 - 10.2.2510.11

Splunk/Splunk Cloud Platform 10.3.2512 - 10.3.2512.8

Splunk/Splunk Enterprise 10.0 - 10.0.5

Splunk/Splunk Enterprise 10.2 - 10.2.2

splunk/splunk_cloud_platform 10.0.2503 - 10.0.2503.13

Published May 20, 2026

Tracked Since May 20, 2026