CVE-2026-20257

MEDIUM

Improper Input Validation through Classic Dashboard CSS in Splunk Enterprise

Title source: cna

Description

In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a classic dashboard that exfiltrates sensitive data from the browser of a higher-privileged user who views it. The exfiltration is possible because classic dashboard panels do not fully validate style attribute values, which can allow for requests to reach external domains outside the configured Trusted Domains List. The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The low-privileged user should not be able to exploit the vulnerability at will.

References (1)

Core 1

Core References

https://advisory.splunk.com/advisories/SVD-2026-0607

Scores

CVSS v3 5.7

EPSS 0.0019

EPSS Percentile 9.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-20

Status published

Products (10)

splunk/splunk 9.3.0 - 9.3.13

Splunk/Splunk Cloud Platform 10.1.2507 - 10.1.2507.23

Splunk/Splunk Cloud Platform 10.2.2510 - 10.2.2510.15

Splunk/Splunk Cloud Platform 10.3.2512 - 10.3.2512.13

Splunk/Splunk Cloud Platform 9.3.2411 - 9.3.2411.132

Splunk/Splunk Enterprise 10.0 - 10.0.7

Splunk/Splunk Enterprise 10.2 - 10.2.4

Splunk/Splunk Enterprise 9.3 - 9.3.13

Splunk/Splunk Enterprise 9.4 - 9.4.12

splunk/splunk_cloud_platform 9.3.2411 - 9.3.2411.132

Published Jun 10, 2026

Tracked Since Jun 11, 2026