Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1325 CNY

100%
Buy Us a Coffee

CVE-2026-20259— Improper Access Control in Splunk Enterprise

CVSS 5.5 · Medium EPSS 0.19% · P9

Affected Version Matrix 7

VendorProductVersion RangeStatus
SplunkSplunk Cloud Platform10.3.2512< 10.3.2512.12affected
10.2.2510< 10.2.2510.15affected
10.1.2507< 10.1.2507.23affected
10.0.2503< 10.0.2503.14affected
9.3.2411< 9.3.2411.131affected
SplunkSplunk Enterprise10.2< 10.2.4affected
10.0< 10.0.7affected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-20259

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Improper Access Control in Splunk Enterprise
Source: NVD (National Vulnerability Database)
Vulnerability Description
In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.0, 10.3.2512.12, 10.2.2510.15, 10.1.2507.23, 10.0.2503.14, and 9.3.2411.131, a user who holds a Splunk role that contains the high-privilege capability `edit_saved_search_owner` could reassign saved search ownership to users outside their authorized scope. The ownership reassignment endpoint lacks access control.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
访问控制不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Splunk Cloud Platform和Splunk Enterprise 访问控制错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Splunk Cloud Platform和Splunk Enterprise都是美国Splunk公司的产品。Splunk Cloud Platform是一个强大的数据收集、处理和分析服务。Splunk Enterprise是一套数据收集分析软件。 Splunk Enterprise和Splunk Cloud Platform存在访问控制错误漏洞,该漏洞源于所有权重新分配端点缺乏访问控制,可能导致持有edit_saved_search_owner权限的用户将已保存搜索所有权重新分配给授权范围之外的用户。以
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
SplunkSplunk Enterprise 10.2 ~ 10.2.4 -
SplunkSplunk Cloud Platform 10.3.2512 ~ 10.3.2512.12 -

II. Public POCs for CVE-2026-20259

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-20259

登录查看更多情报信息。

Vendor Advisories for CVE-2026-20259 (1)

Same Patch Batch · Splunk · 2026-06-10 · 10 CVEs total

CVE-2026-202539.8 CRITICALUnauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service End
CVE-2026-202518.8 HIGHRemote Code Execution through Deserialization of Untrusted Data in Splunk Secure Gateway
CVE-2026-202527.6 HIGHServer-Side Request Forgery (SSRF) through Dashboard Studio PDF Export in Splunk Enterpris
CVE-2026-202587.1 HIGHStored Cross-Site Scripting (XSS) through Classic Dashboard in Splunk Enterprise
CVE-2026-202545.7 MEDIUMInformation Disclosure through External Content Restriction Bypass in Splunk Enterprise
CVE-2026-202575.7 MEDIUMImproper Input Validation through Classic Dashboard CSS in Splunk Enterprise
CVE-2026-202555.7 MEDIUMImproper Input Validation through Classic Dashboards in Splunk Enterprise
CVE-2026-202565.7 MEDIUMImproper Input Validation through Protocol-Relative URL in Classic Dashboards in Splunk En
CVE-2026-202604.3 MEDIUMLog Injection through HTTP Request Paths in Splunk SOAR

IV. Related Vulnerabilities

Same product: Splunk Enterprise
Same vendor: Splunk
Same weakness: CWE-284

V. Comments for CVE-2026-20259

No comments yet

Leave a comment