CVE-2026-20203

Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 10.2.2 Splunk Enterprise versions prior to 10.0.5 Splunk Enterprise versions prior to 9.4.10 Splunk Enterprise versions prior to 9.3.11 Splunk Cloud Platform versions prior to 10.4.2603.0 Splunk Cloud Platform versions prior to 10.3.2512.6 Splunk Cloud Platform versions prior to 10.2.2510.10 Splunk Cloud Platform versions prior to 10.1.2507.19 Splunk Cloud Platform versions prior to 10.0.2503.13 Splunk Cloud Platform versions prior to 9.3.2411.127

Description Improper access control allows a low-privileged user to enable or disable Data Model Acceleration. This occurs when a user does not possess the admin or power roles and lacks the accelerate datamodel capability, but maintains write permission on the app.

Recommendations Update Splunk Enterprise to version 10.2.2, 10.0.5, 9.4.10, or 9.3.11 depending on the current installation branch. Update Splunk Cloud Platform to version 10.4.2603.0, 10.3.2512.6, 10.2.2510.10, 10.1.2507.19, 10.0.2503.13, or 9.3.2411.127 depending on the current installation branch.