CVE-2026-20166

Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 10.2.1 and versions prior to 10.0.4 Splunk Cloud Platform versions prior to 10.2.2510.5, versions prior to 10.1.2507.16, and versions prior to 10.0.2503.12

Description A user with limited privileges, lacking 'admin' or 'power' roles, could obtain the Observability Cloud API access token through the Discover Splunk Observability Cloud app due to insufficient access controls. This issue does not impact Splunk Enterprise versions 9.4.9 and earlier, or 9.3.10 and earlier, as these versions do not include the Discover Splunk Observability Cloud app. The API endpoint involved is not explicitly mentioned. The vulnerable component is the Discover Splunk Observability Cloud app.

Recommendations Splunk Enterprise versions prior to 10.2.1 should be updated to version 10.2.1 or later. Splunk Enterprise versions prior to 10.0.4 should be updated to version 10.0.4 or later. Splunk Cloud Platform versions prior to 10.2.2510.5 should be updated to version 10.2.2510.5 or later. Splunk Cloud Platform versions prior to 10.1.2507.16 should be updated to version 10.1.2507.16 or later. Splunk Cloud Platform versions prior to 10.0.2503.12 should be updated to version 10.0.2503.12 or later.