Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Splunk Enterprise — Vulnerabilities & Security Advisories 147

All 147 CVE vulnerabilities found in Splunk Enterprise, with AI-generated Chinese analysis, references, and POCs.

Vendor: Splunk Inc.

CVE IDTitleCVSSSeverityPublished
CVE-2026-20203 Improper Access Control in Data Model Acceleration in Splunk Enterprise CWE-284 4.3 Medium2026-04-15
CVE-2026-20204 Improper Handling and Insufficient Isolation of Specific Temporary Files in Splunk Enterprise CWE-377 7.1 High2026-04-15
CVE-2026-20202 Improper Input Validation during User Account Creation in Splunk Enterprise CWE-176 6.6 Medium2026-04-15
CVE-2026-20163 Remote Command Execution (RCE) through the '/splunkd/__upload/indexing/preview' REST endpoint in Splunk Enterprise CWE-77 8.0 High2026-03-11
CVE-2026-20162 Stored Cross-Site Scripting (XSS) through Path Traversal in Splunk Enterprise CWE-79 6.3 Medium2026-03-11
CVE-2026-20166 Sensitive Information Disclosure in Discover Splunk Observability Cloud app for Splunk Enterprise CWE-200 5.4 Medium2026-03-11
CVE-2026-20164 Sensitive Information Disclosure through Improper Access Control in Splunk Enterprise CWE-200 6.5 Medium2026-03-11
CVE-2026-20165 Sensitive Information Disclosure in MongoClient logging channel in Splunk Enterprise CWE-532 6.3 Medium2026-03-11
CVE-2026-20142 Sensitive Information Disclosure in "_internal" index in Splunk Enterprise CWE-532 6.8 Medium2026-02-18
CVE-2026-20138 Sensitive Information Disclosure in "_internal" index in Splunk Enterprise CWE-532 6.8 Medium2026-02-18
CVE-2026-20139 Client-Side Denial of Service (DoS) through ''/splunkd/__raw/services/authentication/users/username'' REST API endpoint in Splunk Enterprise CWE-400 4.3 Medium2026-02-18
CVE-2026-20144 Sensitive Information Disclosure in ''_internal'' index in Splunk Enterprise CWE-532 6.8 Medium2026-02-18
CVE-2026-20141 Improper Access Control in Splunk Monitoring Console App CWE-200 4.3 Medium2026-02-18
CVE-2026-20137 Risky Commands Safeguards Bypass through preloaded Data Models due to Path Traversal vulnerability in Splunk Enterprise CWE-200 3.5 Low2026-02-18
CVE-2025-20388 Blind Server Side Request Forgery (SSRF) through Distributed Search Peers in Splunk Enterprise CWE-918 2.7 Low2025-12-03
CVE-2025-20389 Improper Input Validation in "label" column field in Splunk Secure Gateway App CWE-20 4.3 Medium2025-12-03
CVE-2025-20387 Incorrect permissions assignment on Splunk Universal Forwarder for Windows during new installation or upgrade CWE-732 8.0 High2025-12-03
CVE-2025-20383 Improper access control through push notifications for reports and alerts in Splunk Secure Gateway app CWE-200 4.3 Medium2025-12-03
CVE-2025-20384 Unauthenticated Log Injection in Splunk Enterprise CWE-117 5.3 Medium2025-12-03
CVE-2025-20386 Incorrect permission assignment on Splunk Enterprise for Windows during new installation or upgrade CWE-732 8.0 High2025-12-03
CVE-2025-20385 Stored Cross-Site scripting (XSS) through Anchor Tag "href" in Navigation Bar Collections in Splunk Enterprise CWE-79 2.4 Low2025-12-03
CVE-2025-20382 URL validation bypass through Views Dashboard in Splunk Enterprise CWE-601 3.5 Low2025-12-03
CVE-2025-20379 Risky command safeguards bypass using the “/services/streams/search“ REST endpoint through “q“ parameter in Splunk Enterprise CWE-200 3.5 Low2025-11-12
CVE-2025-20378 Open Redirect on Web Login endpoint in Splunk Enterprise CWE-601 3.1 Low2025-11-12
CVE-2025-20368 Stored Cross-Site Scripting (XSS) through missing field warning messages in Saved Search and Job Inspector on Splunk Enterprise CWE-79 5.7 Medium2025-10-01
CVE-2025-20371 Unauthenticated Blind Server Side Request Forgery (SSRF) in Splunk Enterprise CWE-918 7.5 High2025-10-01
CVE-2025-20367 Reflected Cross-site Scripting (XSS) in '/app/search/table' endpoint through the 'dataset.command' parameter on Splunk Enterprise CWE-79 5.7 Medium2025-10-01
CVE-2025-20370 Denial of Service (DoS) through Multiple LDAP Bind Requests in Splunk Enterprise CWE-400 4.9 Medium2025-10-01
CVE-2025-20366 Improper Access Control in Background Job Submission in Splunk Enterprise CWE-284 6.5 Medium2025-10-01
CVE-2025-20369 Extensible Markup Language (XML) External Entity Injection (XXE) through Dashboard label field on Splunk Enterprise CWE-776 4.6 Medium2025-10-01

All 147 known CVE vulnerabilities affecting Splunk Enterprise with full Chinese analysis, references, and POCs where available.