PT-2026-60233 · Splunk · Splunk Cloud Platform+1
Published
2026-07-15
·
Updated
2026-07-15
·
CVE-2026-20296
CVSS v3.1
8.3
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L |
Name of the Vulnerable Software and Affected Versions
Splunk Enterprise versions prior to 10.4.1
Splunk Enterprise versions prior to 10.2.5
Splunk Enterprise versions prior to 10.0.8
Splunk Enterprise versions prior to 9.4.13
Splunk Cloud Platform versions prior to 10.5.2605.0
Splunk Cloud Platform versions prior to 10.4.2604.7
Splunk Cloud Platform versions prior to 10.3.2512.16
Splunk Cloud Platform versions prior to 10.2.2510.18
Splunk Cloud Platform versions prior to 10.1.2507.24
Description
An attacker can trick a user with the
list deployment server capability into executing arbitrary Search Processing Language (SPL) searches as the splunk-system-user. This could lead to unauthorized access to indexed data and stored credentials. The issue occurs because Deployment Server endpoints in Splunk Web fail to validate Cross-Site Request Forgery (CSRF) tokens on GET requests and do not correctly neutralize caller-supplied input before incorporating it into an SPL search.Recommendations
Update Splunk Enterprise to version 10.4.1 or later.
Update Splunk Enterprise to version 10.2.5 or later.
Update Splunk Enterprise to version 10.0.8 or later.
Update Splunk Enterprise to version 9.4.13 or later.
Update Splunk Cloud Platform to version 10.5.2605.0 or later.
Update Splunk Cloud Platform to version 10.4.2604.7 or later.
Update Splunk Cloud Platform to version 10.3.2512.16 or later.
Update Splunk Cloud Platform to version 10.2.2510.18 or later.
Update Splunk Cloud Platform to version 10.1.2507.24 or later.
Fix
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Splunk Cloud Platform
Splunk Enterprise