CVE-2026-20239
EUVD-2026-3113920.05.2026, 18:16
In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13, a user with a role that has access to the `_internal` index could view session cookies and response bodies that contain sensitive data.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| splunk | splunk | 10.0.0 ≤ 𝑥 < 10.0.5 |
| splunk | splunk | 10.2.0 ≤ 𝑥 < 10.2.2 |
| splunk | splunk_cloud_platform | 10.0.2503 ≤ 𝑥 < 10.0.2503.13 |
| splunk | splunk_cloud_platform | 10.1.2507 ≤ 𝑥 < 10.1.2507.21 |
| splunk | splunk_cloud_platform | 10.2.2510 ≤ 𝑥 < 10.2.2510.11 |
| splunk | splunk_cloud_platform | 10.3.2512 ≤ 𝑥 < 10.3.2512.8 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
Vulnerability Media Exposure