PT-2026-42213 · Splunk · Splunk Cloud Platform+1
Alex Hordijk · Published 2026-05-20 · Updated 2026-05-20 · CVE-2026-20240

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.11, and 9.3.12, and Splunk Cloud Platform versions below 10.4.2603.1, 10.3.2512.9, 10.2.2510.11, 10.1.2507.21, 10.0.2503.13, and 9.3.2411.129, a low-privileged user that does not hold the ‘admin’ or ‘power’ Splunk roles could cause a Denial of Service by exploiting the coldToFrozen.sh script in the splunk archiver app to rename critical Splunk directories, making the instance non-functional.

The Denial of Service is possible because of missing input validation in the coldToFrozen.sh script, which accepts arbitrary file paths and renames them without restricting operations to safe directories.

Fix
RCE
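
The kind of check the description says is missing, sketched as an added example (not Splunk's script or its patch): resolve the supplied path and refuse anything that is not strictly below one allowed root before renaming it. The function names and the directory layout in demo() are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example, not Splunk's script or patch. Function names and the
# directory layout in demo() are hypothetical and constructed.

# Print the physical (symlink-resolved) path of an existing directory.
canon_dir() {
    [ -d "$1" ] || return 1
    (CDPATH= cd -- "$1" 2>/dev/null && pwd -P)
}

# Succeed only if $1 is an existing directory strictly below root $2,
# compared after resolving "..", symlinks and trailing slashes.
is_under_root() {
    iur_target=$(canon_dir "$1") || return 1
    iur_root=$(canon_dir "$2") || return 1
    case "$iur_target" in
        "$iur_root"/?*) return 0 ;;
        *) return 1 ;;
    esac
}

# Move bucket $1 into archive dir $3, but only if it lies below root $2.
# Returns 2 when the path is refused, 3 when the destination exists.
safe_freeze() {
    if ! is_under_root "$1" "$2"; then
        echo "refused: '$1' is not a directory below '$2'" >&2
        return 2
    fi
    sf_src=$(canon_dir "$1") || return 1
    sf_name=$(basename -- "$sf_src")
    [ -d "$3" ] || return 1
    if [ -e "$3/$sf_name" ]; then return 3; fi
    mv -- "$sf_src" "$3/$sf_name"
}

# Constructed demo: one real bucket, one traversal to a dir outside the root.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/colddb/db_1" "$d/frozen" "$d/etc"
    r1=0; safe_freeze "$d/colddb/db_1" "$d/colddb" "$d/frozen" || r1=$?
    r2=0; safe_freeze "$d/colddb/../etc" "$d/colddb" "$d/frozen" 2>/dev/null || r2=$?
    rm -rf "$d"
    echo "$r1 $r2"
}
```

The check and the rename are not atomic, so the guarantee only holds if the caller cannot create or replace entries under the allowed root between the two steps.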
Weakness Enumeration
Related Identifiers
Affected Products
Splunk Cloud Platform
Splunk Enterprise