PT-2026-33064 · Splunk · Splunk Cloud Platform+1

Published: 2026-04-15 · Updated: 2026-05-04 · CVE-2026-20202

CVSS v3.1: 6.6 (Medium)

Vector: AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Splunk Enterprise versions prior to 10.2.2
Splunk Enterprise versions prior to 10.0.5
Splunk Enterprise versions prior to 9.4.10
Splunk Enterprise versions prior to 9.3.11
Splunk Cloud Platform versions prior to 10.4.2603.0
Splunk Cloud Platform versions prior to 10.3.2512.6
Splunk Cloud Platform versions prior to 10.2.2510.10
Splunk Cloud Platform versions prior to 10.1.2507.20
Splunk Cloud Platform versions prior to 10.0.2503.13
Splunk Cloud Platform versions prior to 9.3.2411.127

Description

Improper input validation allows a user with a role containing the high-privilege capability edit_user to create a specially crafted username containing a null byte or a non-UTF-8 percent-encoded byte. The username is then converted inconsistently for storage, which leads to account management inconsistencies such as the inability to edit or delete the affected users.

Recommendations

Update Splunk Enterprise to version 10.2.2, 10.0.5, 9.4.10, or 9.3.11 depending on the current installation branch.
Update Splunk Cloud Platform to version 10.4.2603.0, 10.3.2512.6, 10.2.2510.10, 10.1.2507.20, 10.0.2503.13, or 9.3.2411.127 depending on the current installation branch.
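
An added example, not Splunk's code or its fix: a Python check that flags the two username forms named in the description, usable for input validation or for auditing an exported user list. The function names and sample usernames are constructed for illustration, and the repeated percent-decoding is an extra precaution that the advisory does not mention.

```python
from urllib.parse import unquote_to_bytes


def fully_unquote(raw: bytes) -> bytes:
    """Percent-decode until stable, so layered escapes such as %2500 are exposed."""
    while True:
        decoded = unquote_to_bytes(raw)
        if decoded == raw:
            return raw
        raw = decoded


def username_issues(name: str) -> list[str]:
    """Return the reasons a username is unsafe to store; an empty list means clean."""
    issues = []
    if "\x00" in name:
        issues.append("raw null byte")
    try:
        raw = name.encode("utf-8")
    except UnicodeEncodeError:
        return issues + ["not encodable as UTF-8"]
    decoded = fully_unquote(raw)
    if decoded != raw:  # the name contained at least one valid percent-escape
        if b"\x00" in decoded and "\x00" not in name:
            issues.append("percent-encoded null byte")
        try:
            decoded.decode("utf-8")
        except UnicodeDecodeError:
            issues.append("percent-encoded bytes are not valid UTF-8")
    return issues


def audit(names):
    """Map each flagged username to its issues; clean names are omitted."""
    return {n: r for n in names if (r := username_issues(n))}


# Constructed sample usernames, not taken from the advisory.
SAMPLES = ["alice", "bob%20smith", "carol%00", "dave%ff", "erin\x00x", "frank%2500"]

if __name__ == "__main__":
    for name, reasons in audit(SAMPLES).items():
        print(repr(name), "->", "; ".join(reasons))
```

Names that percent-decode to valid UTF-8 without a null byte, such as bob%20smith, pass the check.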

Fix

Weakness Enumeration

Related Identifiers

CVE-2026-20202

Affected Products

Splunk Cloud Platform
Splunk Enterprise