PT-2026-24734 · Splunk · Splunk Cloud Platform, Splunk Enterprise, Splunk
Danylo Dmytriiev
· Published 2026-03-11 · Updated 2026-03-15 ·
CVE-2026-20162
CVSS v3.1: 6.3 (Medium)
| Vector | AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N |
Reading the vector: reachable over the network, low attack complexity, needs a low-privileged account and a user interaction from the victim, stays within the Splunk Web scope, and the stored script gives high confidentiality impact (the victim's session) with low integrity impact and no availability impact.
Name of the Vulnerable Software and Affected Versions
Fixes ship per release line; a build at or above the "fixed in" version of its line is not affected. The version this table gives as fixed is the one the Recommendations section tells you to upgrade to.

| Product | Release line | Affected | Fixed in |
|---|---|---|---|
| Splunk Enterprise | 10.2.x | below 10.2.0 | 10.2.0 |
| Splunk Enterprise | 10.0.x | below 10.0.3 | 10.0.3 |
| Splunk Enterprise | 9.4.x | below 9.4.9 | 9.4.9 |
| Splunk Enterprise | 9.3.x | below 9.3.9 | 9.3.9 |
| Splunk Cloud Platform | 10.2.2510.x | below 10.2.2510.4 | 10.2.2510.4 |
| Splunk Cloud Platform | 10.1.2507.15 line | below 10.1.2507.15 | 10.1.2507.15 |
| Splunk Cloud Platform | 10.0.2503.x | below 10.0.2503.11 | 10.0.2503.11 |
| Splunk Cloud Platform | 9.3.2411.x | below 9.3.2411.123 | 9.3.2411.123 |
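Checking an inventory against a per-release-line fix table is easy to get wrong by hand (a 9.4.8 is affected while a 9.3.9 is not, even though 9.4.8 is the "bigger" number). The following Python is an added example, not Splunk's code or part of this advisory; the fixed versions are the ones listed above, and the one rule the advisory does not state is marked as an assumption: a build whose release line is not listed at all (for instance Splunk Enterprise 10.1.x) is compared against the newest fixed release of its product and flagged as affected when it is older.

```python
"""Decide whether a Splunk build is affected by CVE-2026-20162.

Added example, not Splunk's code or the advisory's. The fixed versions come
from the advisory's table. One rule is an assumption: a build in a release
line the advisory does not list (e.g. Splunk Enterprise 10.1.x) is compared
with the newest fixed release of its product and flagged as affected when it
is older than that release.
"""
from __future__ import annotations

# First fixed release per release line, taken from the advisory.
FIXED: dict[str, list[tuple[int, ...]]] = {
    "enterprise": [(10, 2, 0), (10, 0, 3), (9, 4, 9), (9, 3, 9)],
    "cloud": [(10, 2, 2510, 4), (10, 1, 2507, 15), (10, 0, 2503, 11), (9, 3, 2411, 123)],
}


def parse_version(text: str) -> tuple[int, ...]:
    """Parse '9.4.9' or '10.2.2510.4' into a tuple of ints; reject anything else."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def _padded(v: tuple[int, ...], width: int) -> tuple[int, ...]:
    """Right-pad with zeros so '10.2' compares as 10.2.0 (tuple comparison is lexicographic)."""
    return v + (0,) * (width - len(v))


def is_affected(product: str, version: str) -> bool:
    """True when `version` of `product` ('enterprise' or 'cloud') predates its fix."""
    fixes = FIXED[product]
    v = parse_version(version)
    # Fixes are backported per release line (major.minor), so compare inside the line first.
    same_line = [f for f in fixes if f[:2] == v[:2]]
    if same_line:
        fix = same_line[0]
        return _padded(v, len(fix)) < fix
    # Assumption (not stated by the advisory): an unlisted release line is
    # affected only if it is older than the newest fixed release of the product.
    newest = max(fixes)
    return _padded(v, len(newest)) < newest


def audit(inventory: list[tuple[str, str, str]]) -> list[str]:
    """Return the hosts in (host, product, version) triples that still need the fix."""
    return [host for host, product, version in inventory if is_affected(product, version)]


if __name__ == "__main__":
    # Constructed inventory for the example.
    fleet = [
        ("sh1", "enterprise", "9.3.8"),
        ("sh2", "enterprise", "9.3.9"),
        ("sh3", "enterprise", "10.1.0"),
        ("stack1", "cloud", "10.0.2503.10"),
    ]
    print("needs upgrade:", audit(fleet))
```

The same-line comparison matters for mixed fleets: 9.4.8 sits below its line's fix (9.4.9) and is affected, while 9.3.9 sits at its line's fix and is not, even though 9.4.8 is numerically larger. Treat the unlisted-line rule as a starting point and confirm against Splunk's own advisory for lines this page does not mention.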
Description
A low-privileged user who lacks the 'admin' or 'power' Splunk role can supply a malicious payload when creating a View (Settings > User Interface > Views) through the new-view endpoint under /manager/launcher/data/ui/views/. A path traversal flaw in that endpoint turns the payload into a Stored Cross-Site Scripting (XSS) issue: successful exploitation runs attacker-controlled JavaScript in the victim's browser. The attacker must lure the victim, for example by phishing, into opening a crafted request in their browser; the authenticated low-privileged user cannot exploit the issue on their own, which is why the vector carries UI:R.
Recommendations
Splunk Enterprise versions below 10.2.0 should be upgraded to version 10.2.0 or later.
Splunk Enterprise versions below 10.0.3 should be upgraded to version 10.0.3 or later.
Splunk Enterprise versions below 9.4.9 should be upgraded to version 9.4.9 or later.
Splunk Enterprise versions below 9.3.9 should be upgraded to version 9.3.9 or later.
Splunk Cloud Platform versions below 10.2.2510.4 should be upgraded to version 10.2.2510.4 or later.
Splunk Cloud Platform versions below 10.1.2507.15 should be upgraded to version 10.1.2507.15 or later.
Splunk Cloud Platform versions below 10.0.2503.11 should be upgraded to version 10.0.2503.11 or later.
Splunk Cloud Platform versions below 9.3.2411.123 should be upgraded to version 9.3.2411.123 or later.
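Until the upgrade lands, the precondition in the description (a user without 'admin' or 'power' writing a view under /manager/.../data/ui/views/) is the thing to hunt for. The Python below is an added example, not Splunk's tooling and not part of this advisory. Its assumptions: the log lines are constructed for the example and only loosely follow the layout of Splunk Web's access log; the user-to-role map is constructed too (a real hunt would pull it from the REST users endpoint); and only the request path is inspected, so a traversal sequence or script payload carried in a POST body is not visible to it. It also decodes the path twice so that both %2e%2e and double-encoded %252e%252e sequences are caught.

```python
"""Hunt a Splunk Web access log for view writes by users without admin/power.

Added example, not Splunk's code. The log lines below are constructed and only
loosely follow Splunk Web's access-log layout; the role map is constructed as
well. Only the request path is inspected: a payload carried in a POST body does
not appear in an access log.
"""
import re
from urllib.parse import unquote

# Constructed sample: two view writes (one by an admin, one by a plain user),
# one GET with a double-encoded traversal sequence against the views endpoint,
# and one unrelated request.
SAMPLE_LOG = """\
10.0.0.5 - alice [11/Mar/2026:10:02:13.001 +0000] "POST /en-US/manager/launcher/data/ui/views/ HTTP/1.1" 303 - "-" "Mozilla/5.0" - 12ms
10.0.0.9 - bob [11/Mar/2026:10:05:41.550 +0000] "POST /en-US/manager/launcher/data/ui/views/ HTTP/1.1" 303 - "-" "Mozilla/5.0" - 9ms
10.0.0.9 - bob [11/Mar/2026:10:06:02.017 +0000] "GET /en-US/manager/launcher/data/ui/views/..%252f..%252fother HTTP/1.1" 200 - "-" "Mozilla/5.0" - 4ms
10.0.0.7 - carol [11/Mar/2026:10:07:00.000 +0000] "GET /en-US/app/search/search HTTP/1.1" 200 - "-" "Mozilla/5.0" - 3ms
"""

# Constructed role map. 'admin' and 'power' are the roles the advisory names.
ROLES = {"alice": {"admin"}, "bob": {"user"}, "carol": {"user"}}
PRIVILEGED = {"admin", "power"}

LINE_RE = re.compile(
    r'^(?P<src>\S+) - (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
# Any app's views manager page, not only 'launcher'.
VIEWS_RE = re.compile(r"/manager/[^/]+/data/ui/views(/|$)")
# A '..' path segment bounded by slashes (or the ends of the string).
TRAVERSAL_RE = re.compile(r"(^|[/\\])\.\.([/\\]|$)")


def has_traversal(path: str) -> bool:
    """Detect '..' segments after decoding twice, so %2e%2e and %252e%252e both count."""
    return bool(TRAVERSAL_RE.search(unquote(unquote(path))))


def hunt(log_text: str, roles: dict[str, set[str]]) -> list[dict]:
    """Return one finding per suspicious request against the views endpoint."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or not VIEWS_RE.search(m["path"]):
            continue
        reasons = []
        if m["method"] == "POST" and not (roles.get(m["user"], set()) & PRIVILEGED):
            reasons.append("view write by user without admin/power")
        if has_traversal(m["path"]):
            reasons.append("traversal sequence in request path")
        if reasons:
            findings.append({"ts": m["ts"], "user": m["user"], "src": m["src"],
                             "path": m["path"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in hunt(SAMPLE_LOG, ROLES):
        print(f"{f['ts']} {f['user']}@{f['src']} {f['path']} -> {'; '.join(f['reasons'])}")
```

A view write by a non-privileged user is not proof of exploitation, since such users may legitimately build dashboards; it is the population to review, and the stored view XML of those users is where the payload would sit.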
Weakness enumeration
XSS
Affected products
Splunk Cloud Platform
Splunk Enterprise
Splunk