CVE-2026-20165

Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 10.2.1 Splunk Enterprise versions 10.0.0 through 10.0.4 Splunk Enterprise versions 9.3.10 and earlier Splunk Enterprise version 9.4.9 Splunk Cloud Platform versions prior to 10.2.2510.7 Splunk Cloud Platform versions 10.0.2503.12 and earlier Splunk Cloud Platform versions 10.1.2507.17 and earlier Splunk Cloud Platform versions 9.3.2411.124 and earlier

Description A user with limited privileges, lacking the 'admin' or 'power' roles within Splunk, may be able to access sensitive information by examining the search log of a job. This is due to insufficient access controls within the MongoClient logging channel. The issue involves improper access control, allowing unauthorized information disclosure.

Recommendations Update Splunk Enterprise to version 10.2.1 or later. Update Splunk Enterprise to version 10.0.4 or later. Update Splunk Enterprise to version 9.4.9 or later. Update Splunk Enterprise to version 9.3.10 or later. Update Splunk Cloud Platform to version 10.2.2510.7 or later. Update Splunk Cloud Platform to version 10.1.2507.17 or later. Update Splunk Cloud Platform to version 10.0.2503.12 or later. Update Splunk Cloud Platform to version 9.3.2411.124 or later.