CVE-2026-20255— Improper Input Validation through Classic Dashboards in Splunk Enterprise
Affected Version Matrix 8
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Splunk | Splunk Cloud Platform | 10.3.2512< 10.3.2512.13 | affected |
10.2.2510< 10.2.2510.15 | affected | ||
10.1.2507< 10.1.2507.23 | affected | ||
9.3.2411< 9.3.2411.132 | affected | ||
| Splunk | Splunk Enterprise | 10.2< 10.2.4 | affected |
10.0< 10.0.7 | affected | ||
9.4< 9.4.12 | affected | ||
9.3< 9.3.13 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-20255
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improper Input Validation through Classic Dashboards in Splunk Enterprise
Source: NVD (National Vulnerability Database)
Vulnerability Description
In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious classic dashboard that exfiltrates sensitive data to an external server. The vulnerability exists because URL validation on the external content dialog is incomplete, which can allow for requests to untrusted domains when a user interacts with a crafted dashboard.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
输入验证不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Splunk Cloud Platform和Splunk Enterprise 输入验证错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Splunk Cloud Platform和Splunk Enterprise都是美国Splunk公司的产品。Splunk Cloud Platform是一个强大的数据收集、处理和分析服务。Splunk Enterprise是一套数据收集分析软件。 Splunk Cloud Platform和Splunk Enterprise存在输入验证错误漏洞,该漏洞源于外部内容对话框的URL验证不完整,可能导致低权限用户在与特制仪表盘交互时向不受信任域发送请求。以下产品及版本受到影响:Splunk Enterpris
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Splunk | Splunk Enterprise | 10.2 ~ 10.2.4 | - | |
| Splunk | Splunk Cloud Platform | 10.3.2512 ~ 10.3.2512.13 | - |
II. Public POCs for CVE-2026-20255
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-20255
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-20255 (1)
Same Patch Batch · Splunk · 2026-06-10 · 10 CVEs total
| CVE-2026-20253 | 9.8 CRITICAL | Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service End |
| CVE-2026-20251 | 8.8 HIGH | Remote Code Execution through Deserialization of Untrusted Data in Splunk Secure Gateway |
| CVE-2026-20252 | 7.6 HIGH | Server-Side Request Forgery (SSRF) through Dashboard Studio PDF Export in Splunk Enterpris |
| CVE-2026-20258 | 7.1 HIGH | Stored Cross-Site Scripting (XSS) through Classic Dashboard in Splunk Enterprise |
| CVE-2026-20254 | 5.7 MEDIUM | Information Disclosure through External Content Restriction Bypass in Splunk Enterprise |
| CVE-2026-20257 | 5.7 MEDIUM | Improper Input Validation through Classic Dashboard CSS in Splunk Enterprise |
| CVE-2026-20256 | 5.7 MEDIUM | Improper Input Validation through Protocol-Relative URL in Classic Dashboards in Splunk En |
| CVE-2026-20259 | 5.5 MEDIUM | Improper Access Control in Splunk Enterprise |
| CVE-2026-20260 | 4.3 MEDIUM | Log Injection through HTTP Request Paths in Splunk SOAR |
IV. Related Vulnerabilities
Same product: Splunk Enterprise
- CVE-2026-20258
Stored Cross-Site Scripting (XSS) through Classic Dashboard - CVE-2026-20253
Unauthenticated Arbitrary File Creation and Truncation in a - CVE-2026-20252
Server-Side Request Forgery (SSRF) through Dashboard Studio - CVE-2026-20257
Improper Input Validation through Classic Dashboard CSS in S - CVE-2026-20259
Improper Access Control in Splunk Enterprise
Same vendor: Splunk
- CVE-2026-20266
OS Command Injection in the btool Configuration Helper in Sp - CVE-2026-20265
Insecure Default Domain Allowlist in Splunk AI Toolkit - CVE-2026-20258
Stored Cross-Site Scripting (XSS) through Classic Dashboard - CVE-2026-20253
Unauthenticated Arbitrary File Creation and Truncation in a - CVE-2026-20260
Log Injection through HTTP Request Paths in Splunk SOAR
Same weakness: CWE-20
- CVE-2026-48774
ProxySQL MCP run_sql_readonly executes side-effecting MySQL - CVE-2026-21768
HCL Verse for Android is susceptible to an injection vulnera - CVE-2026-39998
Apache APISIX: Identity Injection via forward-auth Plugin Mi - CVE-2025-58175
GeoServer has a Server-Side Request Forgery (SSRF) Vulnerabi - CVE-2026-12569
Remote Code Execution (RCE) vulnerability in Windchill PDMli
V. Comments for CVE-2026-20255
No comments yet