PT-2026-20472 · Splunk · Splunk Enterprise

Published 2026-02-18 · Updated 2026-02-24 · CVE-2026-20142

CVSS v3.1: 6.8 (Medium)

Vector: AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Splunk Enterprise versions prior to 10.2.0
Splunk Enterprise versions prior to 10.0.2
Splunk Enterprise versions prior to 9.4.7
Splunk Enterprise versions prior to 9.3.9
Splunk Enterprise versions prior to 9.2.11

Description

A user with access to the internal index within a Splunk Search Head Cluster (SHC) deployment could view the RSA accessKey value from the Authentication.conf file in plain text. This affects deployments where a user holds a role granting access to this index. The accessKey is a critical component for authentication.

Recommendations

Upgrade to Splunk Enterprise version 10.2.0 or later.
Upgrade to Splunk Enterprise version 10.0.2 or later.
Upgrade to Splunk Enterprise version 9.4.7 or later.
Upgrade to Splunk Enterprise version 9.3.9 or later.
Upgrade to Splunk Enterprise version 9.2.11 or later.

Fix

Insertion into Log File

Weakness Enumeration

Related Identifiers

CVE-2026-20142

Affected Products

Splunk Enterprise