PT-2026-24735 · Splunk · Splunk Cloud Platform+2
Danylo Dmytriiev +3 · Published 2026-03-11 · Updated 2026-04-16 · CVE-2026-20163
CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Splunk Enterprise versions prior to 10.2.0, 10.0.4, 9.4.9, and 9.3.10
Splunk Cloud Platform versions prior to 10.2.2510.5, 10.0.2503.12, 10.1.2507.16, and 9.3.2411.124
Description
A user with a role containing the edit_cmd capability can execute arbitrary shell commands. This is possible through the unarchive_cmd parameter of the /splunkd/__upload/indexing/preview REST endpoint. The issue stems from inadequate input sanitization, allowing for remote command execution.
Recommendations
Update Splunk Enterprise to version 10.2.0 or later.
Update Splunk Cloud Platform to version 10.2.2510.5 or later.
Remove the edit_cmd capability from user roles if an immediate update is not possible.
Fix
RCE
Command Injection
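To act on the recommendation to remove edit_cmd from user roles, the following added example (not part of the advisory and not Splunk code) lists every role that holds the capability directly or through importRoles inheritance. It assumes authorize.conf-style [role_<name>] stanzas with "importRoles = a;b" and "<capability> = enabled" settings, and that an importing role cannot switch off a capability it inherits; the sample configuration is constructed.

```python
import configparser

CAPABILITY = "edit_cmd"

# Constructed sample authorize.conf content, not taken from a real deployment.
SAMPLE_AUTHORIZE_CONF = """
[role_admin]
importRoles = power;user
edit_cmd = enabled

[role_power]
importRoles = user

[role_user]

[role_ingest_ops]
importRoles = admin

[role_analyst]
importRoles = power
edit_cmd = disabled
"""

def parse_roles(text):
    """Return {role: (grants_capability_itself, [imported role names])}."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    roles = {}
    for section in cp.sections():
        if section.startswith("role_"):
            own = cp.get(section, CAPABILITY, fallback="").strip().lower() == "enabled"
            imports = cp.get(section, "importRoles", fallback="").split(";")
            roles[section[5:]] = (own, [r.strip() for r in imports if r.strip()])
    return roles

def roles_with_capability(text):
    """Map every role that holds the capability to the role that grants it."""
    roles = parse_roles(text)

    def grantor(role, seen):
        if role in seen or role not in roles:  # import cycle or unknown role
            return None
        seen.add(role)
        own, imports = roles[role]
        if own:
            return role
        # Assumption: inherited capabilities stay active in the importing role.
        return next((g for g in (grantor(p, seen) for p in imports) if g), None)

    found = {role: grantor(role, set()) for role in sorted(roles)}
    return {role: src for role, src in found.items() if src}
```

On a live instance, pass it the merged configuration (for example the output of splunk btool authorize list) so that app-level and local overrides are included.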
Affected Products
Splunk Cloud Platform
Splunk Enterprise
Splunk