CVE-2026-20165

EUVD-2026-11232
In Splunk Enterprise versions below 10.2.1, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.7, 10.1.2507.17, 10.0.2503.12, and 9.3.2411.124, a low-privileged user that does not hold the "admin" or "power" Splunk roles could retrieve sensitive information by inspecting the job's search log due to improper access control in the MongoClient logging channel.
| Provider | Type | Base Score | Attack Vector | Attack Complexity | Privileges Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 6.3 MEDIUM | NETWORK | LOW | LOW | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
EPSS Score percentile: Unknown
Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| splunk | splunk | 9.3.0 ≤ x < 9.3.10 |
| splunk | splunk | 9.4.0 ≤ x < 9.4.9 |
| splunk | splunk | 10.0.0 ≤ x < 10.0.4 |
| splunk | splunk | 10.2.0 |
| splunk | splunk_cloud_platform | 9.3.2411 ≤ x < 9.3.2411.124 |
| splunk | splunk_cloud_platform | 10.0.2503 ≤ x < 10.0.2503.12 |
| splunk | splunk_cloud_platform | 10.1.2507 ≤ x < 10.1.2507.17 |
| splunk | splunk_cloud_platform | 10.2.2510 ≤ x < 10.2.2510.7 |

x = Vulnerable software versions