PT-2026-60234 · Splunk · Splunk Cloud Platform+1

Published

2026-07-15

·

Updated

2026-07-15

·

CVE-2026-20297

CVSS v3.1

7.2

High

VectorAV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, 9.4.13, and 9.3.14, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.6, 10.2.2510.18, and 10.1.2507.24, a user who holds a role that contains the edit local apps and install apps capabilities could cause a legitimate app installation to write files outside the intended app directory, into $SPLUNK HOME/etc/ and its subdirectories.

The vulnerability is caused by a path traversal in the app installation workflow, which does not restrict the installation path to the intended app directory.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-20297

Affected Products

Splunk Cloud Platform
Splunk Enterprise