PT-2026-60233 · Splunk · Splunk Cloud Platform+1

Published

2026-07-15

·

Updated

2026-07-15

·

CVE-2026-20296

CVSS v3.1

8.3

High

VectorAV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 10.4.1 Splunk Enterprise versions prior to 10.2.5 Splunk Enterprise versions prior to 10.0.8 Splunk Enterprise versions prior to 9.4.13 Splunk Cloud Platform versions prior to 10.5.2605.0 Splunk Cloud Platform versions prior to 10.4.2604.7 Splunk Cloud Platform versions prior to 10.3.2512.16 Splunk Cloud Platform versions prior to 10.2.2510.18 Splunk Cloud Platform versions prior to 10.1.2507.24
Description An attacker can trick a user with the list deployment server capability into executing arbitrary Search Processing Language (SPL) searches as the splunk-system-user. This could lead to unauthorized access to indexed data and stored credentials. The issue occurs because Deployment Server endpoints in Splunk Web fail to validate Cross-Site Request Forgery (CSRF) tokens on GET requests and do not correctly neutralize caller-supplied input before incorporating it into an SPL search.
Recommendations Update Splunk Enterprise to version 10.4.1 or later. Update Splunk Enterprise to version 10.2.5 or later. Update Splunk Enterprise to version 10.0.8 or later. Update Splunk Enterprise to version 9.4.13 or later. Update Splunk Cloud Platform to version 10.5.2605.0 or later. Update Splunk Cloud Platform to version 10.4.2604.7 or later. Update Splunk Cloud Platform to version 10.3.2512.16 or later. Update Splunk Cloud Platform to version 10.2.2510.18 or later. Update Splunk Cloud Platform to version 10.1.2507.24 or later.

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-20296

Affected Products

Splunk Cloud Platform
Splunk Enterprise