PT-2026-42213 · Splunk · Splunk Enterprise+1

·

CVE-2026-20240

·

Published

2026-05-20

·

Updated

2026-05-26

CVSS v3.1

6.5

Medium

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 10.2.2 Splunk Enterprise versions prior to 10.0.5 Splunk Enterprise versions prior to 9.4.11 Splunk Enterprise versions prior to 9.3.12 Splunk Cloud Platform versions prior to 10.4.2603.1 Splunk Cloud Platform versions prior to 10.3.2512.9 Splunk Cloud Platform versions prior to 10.2.2510.11 Splunk Cloud Platform versions prior to 10.1.2507.21 Splunk Cloud Platform versions prior to 10.0.2503.13 Splunk Cloud Platform versions prior to 9.3.2411.129
Description A low-privileged user without 'admin' or 'power' roles can cause a Denial of Service by exploiting the coldToFrozen.sh script within the splunk archiver app. The issue stems from missing input validation in the coldToFrozen.sh script, which allows the acceptance of arbitrary file paths and the renaming of critical directories, rendering the instance non-functional.
Recommendations Update Splunk Enterprise to version 10.2.2, 10.0.5, 9.4.11, or 9.3.12 depending on the current release track. Update Splunk Cloud Platform to version 10.4.2603.1, 10.3.2512.9, 10.2.2510.11, 10.1.2507.21, 10.0.2503.13, or 9.3.2411.129 depending on the current release track. As a temporary workaround, restrict access to the coldToFrozen.sh script in the splunk archiver app.

Fix

DoS

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-20240

Affected Products

Splunk Cloud Platform
Splunk Enterprise