CVE-2026-20257— Improper Input Validation through Classic Dashboard CSS in Splunk Enterprise
Possible ATT&CK Techniques 3AI
T1189 · Drive-by Compromise T1005 · Data from Local System T1530 · Data from Cloud StorageAffected Version Matrix 8
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Splunk | Splunk Cloud Platform | 10.3.2512< 10.3.2512.13 | affected |
10.2.2510< 10.2.2510.15 | affected | ||
10.1.2507< 10.1.2507.23 | affected | ||
9.3.2411< 9.3.2411.132 | affected | ||
| Splunk | Splunk Enterprise | 10.2< 10.2.4 | affected |
10.0< 10.0.7 | affected | ||
9.4< 9.4.12 | affected | ||
9.3< 9.3.13 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-20257
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improper Input Validation through Classic Dashboard CSS in Splunk Enterprise
Source: NVD (National Vulnerability Database)
Vulnerability Description
In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a classic dashboard that exfiltrates sensitive data from the browser of a higher-privileged user who views it. The exfiltration is possible because classic dashboard panels do not fully validate style attribute values, which can allow for requests to reach external domains outside the configured Trusted Domains List. The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The low-privileged user should not be able to exploit the vulnerability at will.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
输入验证不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Splunk Cloud Platform和Splunk Enterprise 输入验证错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Splunk Cloud Platform和Splunk Enterprise都是美国Splunk公司的产品。Splunk Cloud Platform是一个强大的数据收集、处理和分析服务。Splunk Enterprise是一套数据收集分析软件。 Splunk Cloud Platform和Splunk Enterprise存在输入验证错误漏洞,该漏洞源于经典仪表盘面板未完全验证样式属性值,可能导致低权限用户通过特制仪表盘从高权限用户浏览器窃取敏感数据。以下产品及版本受到影响:Splunk Enterp
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Splunk | Splunk Enterprise | 10.2 ~ 10.2.4 | - | |
| Splunk | Splunk Cloud Platform | 10.3.2512 ~ 10.3.2512.13 | - |
II. Public POCs for CVE-2026-20257
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-20257
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-20257 (1)
Same Patch Batch · Splunk · 2026-06-10 · 10 CVEs total
| CVE-2026-20253 | 9.8 CRITICAL | Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service End |
| CVE-2026-20251 | 8.8 HIGH | Remote Code Execution through Deserialization of Untrusted Data in Splunk Secure Gateway |
| CVE-2026-20252 | 7.6 HIGH | Server-Side Request Forgery (SSRF) through Dashboard Studio PDF Export in Splunk Enterpris |
| CVE-2026-20258 | 7.1 HIGH | Stored Cross-Site Scripting (XSS) through Classic Dashboard in Splunk Enterprise |
| CVE-2026-20254 | 5.7 MEDIUM | Information Disclosure through External Content Restriction Bypass in Splunk Enterprise |
| CVE-2026-20255 | 5.7 MEDIUM | Improper Input Validation through Classic Dashboards in Splunk Enterprise |
| CVE-2026-20256 | 5.7 MEDIUM | Improper Input Validation through Protocol-Relative URL in Classic Dashboards in Splunk En |
| CVE-2026-20259 | 5.5 MEDIUM | Improper Access Control in Splunk Enterprise |
| CVE-2026-20260 | 4.3 MEDIUM | Log Injection through HTTP Request Paths in Splunk SOAR |
IV. Related Vulnerabilities
Same product: Splunk Enterprise
- CVE-2026-20258
Stored Cross-Site Scripting (XSS) through Classic Dashboard - CVE-2026-20253
Unauthenticated Arbitrary File Creation and Truncation in a - CVE-2026-20252
Server-Side Request Forgery (SSRF) through Dashboard Studio - CVE-2026-20259
Improper Access Control in Splunk Enterprise - CVE-2026-20255
Improper Input Validation through Classic Dashboards in Splu
Same vendor: Splunk
- CVE-2026-20266
OS Command Injection in the btool Configuration Helper in Sp - CVE-2026-20265
Insecure Default Domain Allowlist in Splunk AI Toolkit - CVE-2026-20258
Stored Cross-Site Scripting (XSS) through Classic Dashboard - CVE-2026-20253
Unauthenticated Arbitrary File Creation and Truncation in a - CVE-2026-20260
Log Injection through HTTP Request Paths in Splunk SOAR
Same weakness: CWE-20
- CVE-2026-13434
Virt-controller-rhel9: kubevirt: kubevirt: multus default-ne - CVE-2026-52801
Gogs: Ability to import local repositories via Mirror Settin - CVE-2025-64719
Gogs: Denial of Service in repository/wiki file listing web - CVE-2026-13024
Chrome <149.0.7827.197 导航输入验证不足致站点隔离绕过 - CVE-2026-13025
Chrome<149.0.7827.197 DevTools竞态条件致沙箱逃逸
V. Comments for CVE-2026-20257
No comments yet