Browse all 155 CVE security advisories affecting Splunk. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Splunk operates primarily as a data analytics platform designed for searching, monitoring, and analyzing machine-generated big data via a web interface. Its architecture, which integrates complex data ingestion pipelines with extensive third-party app ecosystems, has historically exposed it to diverse vulnerability classes. Recorded Common Vulnerabilities and Exposures (CVEs) frequently involve remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from improper input validation or insecure default configurations in its web components. While no single catastrophic breach defines its history, the sheer volume of disclosed flaws highlights systemic risks in its expansive feature set. Security practitioners must rigorously patch these instances, as the platform’s central role in enterprise observability makes unmitigated vulnerabilities particularly impactful. The current count of 155 CVEs underscores the necessity for continuous configuration auditing and strict access controls to maintain integrity within organizations relying on this infrastructure.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2021-42743 | Local privilege escalation via a default path in Splunk Enterprise Windows — Splunk EnterpriseCWE-427 | 8.8 | High | 2022-05-06 |
| CVE-2021-33845 | Username enumeration through lockout message in REST API — Splunk EnterpriseCWE-203 | 5.3 | Medium | 2022-05-06 |
| CVE-2021-31559 | S2S TcpToken authentication bypass — Splunk EnterpriseCWE-288 | 7.5 | High | 2022-05-06 |
| CVE-2021-26253 | Bypass of Splunk Enterprise's implementation of DUO MFA — Splunk EnterpriseCWE-287 | 8.1 | High | 2022-05-06 |
| CVE-2021-3422 | Indexer denial-of-service via malformed S2S request — Splunk EnterpriseCWE-125 | 7.5 | High | 2022-03-25 |
This page lists every published CVE security advisory associated with Splunk. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.