CVE-2026-20297

EUVD-2026-44736
In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, 9.4.13, and 9.3.14, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.6, 10.2.2510.18, and 10.1.2507.24, a user who holds a role that contains the `edit_local_apps` and `install_apps` capabilities could cause a legitimate app installation to write files outside the intended app directory, into `$SPLUNK_HOME/etc/` and its subdirectories.<br><br>The vulnerability is caused by a path traversal in the app installation workflow, which does not restrict the installation path to the intended app directory.
Path Traversal
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
ciscoCNA
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
splunksplunk
10.4 ≤
𝑥
< 10.4.1
CNA
splunksplunk
10.2 ≤
𝑥
< 10.2.5
CNA
splunksplunk
10.0 ≤
𝑥
< 10.0.8
CNA
splunksplunk
9.4 ≤
𝑥
< 9.4.13
CNA
splunksplunk
9.3 ≤
𝑥
< 9.3.14
CNA
splunksplunk
10.5.2605 ≤
𝑥
< 10.5.2605.0
CNA
splunksplunk
10.4.2604 ≤
𝑥
< 10.4.2604.6
CNA
splunksplunk
10.2.2510 ≤
𝑥
< 10.2.2510.18
CNA
splunksplunk
10.1.2507 ≤
𝑥
< 10.1.2507.24
CNA