PT-2026-20468 · Splunk · Splunk Enterprise+1

Anton · Published 2026-02-18 · Updated 2026-04-16 · CVE-2026-20137

CVSS v3.1: 5.7 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Splunk Enterprise versions prior to 10.2.0, 10.0.3, 9.4.5, 9.3.7, and 9.2.9

Splunk Cloud Platform versions prior to 10.1.2507.0, 10.0.2503.9, 9.3.2411.112, and 9.3.2408.122

Description

A user with limited privileges, lacking the 'admin' or 'power' roles within Splunk, may be able to circumvent security measures designed to protect against potentially harmful SPL commands. This occurs when creating a Data Model that incorporates an injected SPL query within an object. The bypass is achieved through a path traversal flaw.

Recommendations

Update Splunk Enterprise to version 10.2.0 or later.
Update Splunk Enterprise to version 10.0.3 or later.
Update Splunk Enterprise to version 9.4.5 or later.
Update Splunk Enterprise to version 9.3.7 or later.
Update Splunk Enterprise to version 9.2.9 or later.
Update Splunk Cloud Platform to version 10.1.2507.0 or later.
Update Splunk Cloud Platform to version 10.0.2503.9 or later.
Update Splunk Cloud Platform to version 9.3.2411.112 or later.
Update Splunk Cloud Platform to version 9.3.2408.122 or later.
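
The fixed releases above are per branch, so a single "older than 10.2.0" comparison would wrongly flag a patched 10.0.3 instance. The following is an added example, not part of the advisory or any Splunk tooling, that checks an inventory against those releases branch by branch. The product labels `enterprise` and `cloud`, the function names, the sample inventory and the rule for branches with no listed fix are assumptions of this example.

```python
# Added example: branch-aware check against the fixed releases listed above.
ENTERPRISE_FIXES = ["10.2.0", "10.0.3", "9.4.5", "9.3.7", "9.2.9"]
CLOUD_FIXES = ["10.1.2507.0", "10.0.2503.9", "9.3.2411.112", "9.3.2408.122"]
# Branch key length: Enterprise = major.minor, Cloud = major.minor.build
PRODUCTS = {"enterprise": (ENTERPRISE_FIXES, 2), "cloud": (CLOUD_FIXES, 3)}


def parse(version):
    """Turn '9.3.2411.112' into (9, 3, 2411, 112); reject anything else."""
    parts = version.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {version!r}")
    return tuple(int(p) for p in parts)


def assess(product, version):
    """Return 'fixed', 'affected' or 'affected-no-branch-fix'."""
    fixes, depth = PRODUCTS[product]
    v = parse(version)
    fixed = [parse(f) for f in fixes]
    for f in fixed:
        if f[:depth] == v[:depth]:  # same release branch: compare within it
            return "fixed" if v >= f else "affected"
    # Assumption: a branch with no listed fix is safe only if it is newer than
    # every fixed release; otherwise it must move to a listed branch.
    return "fixed" if v > max(fixed) else "affected-no-branch-fix"


def triage(inventory):
    """Return (host, version, status) for every instance that is not fixed."""
    rows = [(h, ver, assess(prod, ver)) for h, prod, ver in inventory]
    return [row for row in rows if row[2] != "fixed"]


# Constructed inventory (hostnames and versions are sample data).
SAMPLE = [
    ("sh01", "enterprise", "10.0.3"),    # fixed, though lower than 10.2.0
    ("sh02", "enterprise", "9.4.4"),
    ("idx01", "enterprise", "9.1.8"),
    ("stack-a", "cloud", "9.3.2411.111"),
    ("stack-b", "cloud", "9.3.2408.122"),
]

if __name__ == "__main__":
    for host, ver, status in triage(SAMPLE):
        print(f"{host}\t{ver}\t{status}")
```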

Fix

Information Disclosure

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2026-20137

Affected Products

Splunk Cloud Platform
Splunk Enterprise