Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-20297— Path Traversal through 'explicit_appname' in the App Install REST Endpoint in Splunk Enterprise

CVSS 7.2 · High
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-20297

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Path Traversal through 'explicit_appname' in the App Install REST Endpoint in Splunk Enterprise
Source: NVD (National Vulnerability Database)
Vulnerability Description
In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, 9.4.13, and 9.3.14, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.6, 10.2.2510.18, and 10.1.2507.24, a user who holds a role that contains the `edit_local_apps` and `install_apps` capabilities could cause a legitimate app installation to write files outside the intended app directory, into `$SPLUNK_HOME/etc/` and its subdirectories.<br><br>The vulnerability is caused by a path traversal in the app installation workflow, which does not restrict the installation path to the intended app directory.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Source: NVD (National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
SplunkSplunk Enterprise 10.4 ~ 10.4.1 -
SplunkSplunk Cloud Platform 10.5.2605 ~ 10.5.2605.0 -

II. Public POCs for CVE-2026-20297

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-20297

登录查看更多情报信息。

Vendor Advisories for CVE-2026-20297 (1)

Same Patch Batch · Splunk · 2026-07-15 · 3 CVEs total

CVE-2026-202968.3 HIGHSPL Command Safeguards Bypass through Cross-Site Request Forgery (CSRF) in Deployment Serv
CVE-2026-202985.3 MEDIUMSensitive Information Disclosure through the storage/passwords REST Endpoint in Splunk Ent

IV. Related Vulnerabilities

V. Comments for CVE-2026-20297

No comments yet


Leave a comment