CVE-2026-20140

Name of the Vulnerable Software and Affected Versions Splunk Enterprise for Windows versions prior to 10.2.0 Splunk Enterprise for Windows versions prior to 10.0.3 Splunk Enterprise for Windows versions prior to 9.4.8 Splunk Enterprise for Windows versions prior to 9.3.9 Splunk Enterprise for Windows versions prior to 9.2.12

Description A high-severity DLL search-order hijacking flaw exists in Splunk Enterprise for Windows. This flaw allows a low-privileged local user to place a malicious DLL that is then loaded by the Splunk service upon restart, resulting in the execution of attacker code with SYSTEM-level privileges. The vulnerability is tracked as CVE-2026-20140 and has a CVSS score of 7.7. The exploit involves creating a directory on the system drive and injecting a malicious DLL file. This allows the attacker to gain full control over the host machine.

Recommendations Upgrade to Splunk Enterprise for Windows version 10.2.0. Upgrade to Splunk Enterprise for Windows version 10.0.3. Upgrade to Splunk Enterprise for Windows version 9.4.8. Upgrade to Splunk Enterprise for Windows version 9.3.9. Upgrade to Splunk Enterprise for Windows version 9.2.12. Restrict write permissions on system-drive directories to reduce potential hijack paths.