PT-2026-24736 · Splunk · Splunk Cloud Platform+2
Alex Hordijk
·
Published
2026-03-11
·
Updated
2026-03-15
·
CVE-2026-20164
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Splunk Enterprise versions prior to 10.2.0, 10.0.3, 9.4.9, and 9.3.10
Splunk Cloud Platform versions prior to 10.2.2510.5, 10.1.2507.16, 10.0.2503.11, and 9.3.2411.123
Description
A user with limited privileges, lacking the 'admin' or 'power' Splunk roles, can access the
/splunkd/ raw/servicesNS/-/-/configs/conf-passwords API endpoint. This endpoint exposes hashed or plaintext password values stored in the passwords.conf configuration file due to insufficient access controls. This could lead to the unauthorized disclosure of sensitive credentials.Recommendations
Splunk Enterprise versions prior to 10.2.0, 10.0.3, 9.4.9, and 9.3.10 should be updated.
Splunk Cloud Platform versions prior to 10.2.2510.5, 10.1.2507.16, 10.0.2503.11, and 9.3.2411.123 should be updated.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Splunk Cloud Platform
Splunk Enterprise
Splunk