CVE-2026-20137
18.02.2026, 18:24
In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.5, 9.3.7, and 9.2.9, and Splunk Cloud Platform versions below 10.1.2507.0, 10.0.2503.9, 9.3.2411.112, and 9.3.2408.122, a low-privileged user who does not hold the "admin" or "power" Splunk roles could bypass the SPL safeguards for risky commands when they create a Data Model that contains an injected SPL query within an object. They can bypass the safeguards by exploiting a path traversal vulnerability.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| splunk | splunk | 9.2.0 ≤ 𝑥 < 9.2.9 |
| splunk | splunk | 9.3.0 ≤ 𝑥 < 9.3.7 |
| splunk | splunk | 9.4.0 ≤ 𝑥 < 9.4.5 |
| splunk | splunk | 10.0.0 ≤ 𝑥 < 10.0.3 |
| splunk | splunk_cloud_platform | 9.3.2408 ≤ 𝑥 < 9.3.2408.122 |
| splunk | splunk_cloud_platform | 9.3.2411 ≤ 𝑥 < 9.3.2411.112 |
| splunk | splunk_cloud_platform | 10.0.2503 ≤ 𝑥 < 10.0.2503.9 |
| splunk | splunk_cloud_platform | 10.1.2507 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-200 - Exposure of Sensitive Information to an Unauthorized ActorThe product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Vulnerability Media Exposure