PT-2026-42212 · Splunk · Splunk Cloud Platform+2

Charlie Huggard

·

Published

2026-05-20

·

Updated

2026-05-26

·

CVE-2026-20239

CVSS v3.1

7.5

High

VectorAV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13, a user with a role that has access to the internal index could view session cookies and response bodies that contain sensitive data.

Fix

Insertion into Log File

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-20239

Affected Products

Splunk Cloud Platform
Splunk Enterprise
Splunk