PT-2026-20473 · Splunk · Splunk Enterprise+1

Published: 2026-02-18 · Updated: 2026-02-24 · CVE-2026-20144

CVSS v3.1: 6.8 (Medium)

Vector: AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Splunk Enterprise versions prior to 10.2.0, 10.0.2, 9.4.7, 9.3.8, and 9.2.11
Splunk Cloud Platform versions prior to 10.2.2510.0, 10.1.2507.11, 10.0.2503.9, and 9.3.2411.120

Description

A user with access to the Splunk internal index within a Splunk Search Head Cluster (SHC) deployment may be able to view Security Assertion Markup Language (SAML) configurations in plain text within the conf.log file. This includes configurations for Attribute Query Requests (AQRs) or Authentication extensions, depending on which feature is configured.

Recommendations

Update Splunk Enterprise to version 10.2.0 or later.
Update Splunk Enterprise to version 10.0.2 or later.
Update Splunk Enterprise to version 9.4.7 or later.
Update Splunk Enterprise to version 9.3.8 or later.
Update Splunk Enterprise to version 9.2.11 or later.
Update Splunk Cloud Platform to version 10.2.2510.0 or later.
Update Splunk Cloud Platform to version 10.1.2507.11 or later.
Update Splunk Cloud Platform to version 10.0.2503.9 or later.
Update Splunk Cloud Platform to version 9.3.2411.120 or later.

Fix

Insertion into Log File

Weakness Enumeration

Related Identifiers

CVE-2026-20144

Affected Products

Splunk Cloud Platform
Splunk Enterprise