CVE-2026-20255

MEDIUM

Improper Input Validation through Classic Dashboards in Splunk Enterprise

Title source: cna

Description

In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious classic dashboard that exfiltrates sensitive data to an external server. The vulnerability exists because URL validation on the external content dialog is incomplete, which can allow for requests to untrusted domains when a user interacts with a crafted dashboard.

References (1)

Core 1

Core References

https://advisory.splunk.com/advisories/SVD-2026-0605

Scores

CVSS v3 5.7

EPSS 0.0024

EPSS Percentile 14.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-20

Status published

Products (10)

splunk/splunk 9.3.0 - 9.3.13

Splunk/Splunk Cloud Platform 10.1.2507 - 10.1.2507.23

Splunk/Splunk Cloud Platform 10.2.2510 - 10.2.2510.15

Splunk/Splunk Cloud Platform 10.3.2512 - 10.3.2512.13

Splunk/Splunk Cloud Platform 9.3.2411 - 9.3.2411.132

Splunk/Splunk Enterprise 10.0 - 10.0.7

Splunk/Splunk Enterprise 10.2 - 10.2.4

Splunk/Splunk Enterprise 9.3 - 9.3.13

Splunk/Splunk Enterprise 9.4 - 9.4.12

splunk/splunk_cloud_platform 9.3.2411 - 9.3.2411.132

Published Jun 10, 2026

Tracked Since Jun 11, 2026