Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Splunk — Vulnerabilities & Security Advisories 155

Browse all 155 CVE security advisories affecting Splunk. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by Splunk:Splunk EnterpriseSplunk Add-on BuilderSplunk App for Lookup File EditingSplunk Enterprise Security (ES)Splunk MCP ServerSplunk App for StreamSplunk SOAR (On-premises)Splunk ITSISplunk App for SOARSplunk Supporting Add-on for Active DirectorySplunk/UniversalForwarder for WindowsSplunk Add-on for Palo Alto Networks
CVE IDTitleCVSSSeverityPublished
CVE-2026-20205 Sensitive Information Disclosure in ''_internal'' index in Splunk MCP Server app — Splunk MCP ServerCWE-532 7.2 High2026-04-15
CVE-2026-20203 Improper Access Control in Data Model Acceleration in Splunk Enterprise — Splunk EnterpriseCWE-284 4.3 Medium2026-04-15
CVE-2026-20204 Improper Handling and Insufficient Isolation of Specific Temporary Files in Splunk Enterprise — Splunk EnterpriseCWE-377 7.1 High2026-04-15
CVE-2026-20202 Improper Input Validation during User Account Creation in Splunk Enterprise — Splunk EnterpriseCWE-176 6.6 Medium2026-04-15
CVE-2026-20163 Remote Command Execution (RCE) through the '/splunkd/__upload/indexing/preview' REST endpoint in Splunk Enterprise — Splunk EnterpriseCWE-77 8.0 High2026-03-11
CVE-2026-20162 Stored Cross-Site Scripting (XSS) through Path Traversal in Splunk Enterprise — Splunk EnterpriseCWE-79 6.3 Medium2026-03-11
CVE-2026-20166 Sensitive Information Disclosure in Discover Splunk Observability Cloud app for Splunk Enterprise — Splunk EnterpriseCWE-200 5.4 Medium2026-03-11
CVE-2026-20164 Sensitive Information Disclosure through Improper Access Control in Splunk Enterprise — Splunk EnterpriseCWE-200 6.5 Medium2026-03-11
CVE-2026-20165 Sensitive Information Disclosure in MongoClient logging channel in Splunk Enterprise — Splunk EnterpriseCWE-532 6.3 Medium2026-03-11
CVE-2026-20142 Sensitive Information Disclosure in "_internal" index in Splunk Enterprise — Splunk EnterpriseCWE-532 6.8 Medium2026-02-18
CVE-2026-20138 Sensitive Information Disclosure in "_internal" index in Splunk Enterprise — Splunk EnterpriseCWE-532 6.8 Medium2026-02-18
CVE-2026-20139 Client-Side Denial of Service (DoS) through ''/splunkd/__raw/services/authentication/users/username'' REST API endpoint in Splunk Enterprise — Splunk EnterpriseCWE-400 4.3 Medium2026-02-18
CVE-2026-20144 Sensitive Information Disclosure in ''_internal'' index in Splunk Enterprise — Splunk EnterpriseCWE-532 6.8 Medium2026-02-18
CVE-2026-20141 Improper Access Control in Splunk Monitoring Console App — Splunk EnterpriseCWE-200 4.3 Medium2026-02-18
CVE-2026-20137 Risky Commands Safeguards Bypass through preloaded Data Models due to Path Traversal vulnerability in Splunk Enterprise — Splunk EnterpriseCWE-200 3.5 Low2026-02-18
CVE-2025-20388 Blind Server Side Request Forgery (SSRF) through Distributed Search Peers in Splunk Enterprise — Splunk EnterpriseCWE-918 2.7 Low2025-12-03
CVE-2025-20389 Improper Input Validation in "label" column field in Splunk Secure Gateway App — Splunk EnterpriseCWE-20 4.3 Medium2025-12-03
CVE-2025-20387 Incorrect permissions assignment on Splunk Universal Forwarder for Windows during new installation or upgrade — Splunk EnterpriseCWE-732 8.0 High2025-12-03
CVE-2025-20383 Improper access control through push notifications for reports and alerts in Splunk Secure Gateway app — Splunk EnterpriseCWE-200 4.3 Medium2025-12-03
CVE-2025-20384 Unauthenticated Log Injection in Splunk Enterprise — Splunk EnterpriseCWE-117 5.3 Medium2025-12-03
CVE-2025-20386 Incorrect permission assignment on Splunk Enterprise for Windows during new installation or upgrade — Splunk EnterpriseCWE-732 8.0 High2025-12-03
CVE-2025-20385 Stored Cross-Site scripting (XSS) through Anchor Tag "href" in Navigation Bar Collections in Splunk Enterprise — Splunk EnterpriseCWE-79 2.4 Low2025-12-03
CVE-2025-20381 SPL commands allowlist controls bypass in Splunk MCP Server app through "run_splunk_query" MCP tool — Splunk MCP ServerCWE-863 5.4 Medium2025-12-03
CVE-2025-20382 URL validation bypass through Views Dashboard in Splunk Enterprise — Splunk EnterpriseCWE-601 3.5 Low2025-12-03
CVE-2025-20373 Sensitive Information Disclosure in “_internal“ index through Splunk Add-On for Palo Alto Networks — Splunk Add-on for Palo Alto NetworksCWE-532 2.7 Low2025-11-26
CVE-2025-20379 Risky command safeguards bypass using the “/services/streams/search“ REST endpoint through “q“ parameter in Splunk Enterprise — Splunk EnterpriseCWE-200 3.5 Low2025-11-12
CVE-2025-20378 Open Redirect on Web Login endpoint in Splunk Enterprise — Splunk EnterpriseCWE-601 3.1 Low2025-11-12
CVE-2025-20368 Stored Cross-Site Scripting (XSS) through missing field warning messages in Saved Search and Job Inspector on Splunk Enterprise — Splunk EnterpriseCWE-79 5.7 Medium2025-10-01
CVE-2025-20371 Unauthenticated Blind Server Side Request Forgery (SSRF) in Splunk Enterprise — Splunk EnterpriseCWE-918 7.5 High2025-10-01
CVE-2025-20367 Reflected Cross-site Scripting (XSS) in '/app/search/table' endpoint through the 'dataset.command' parameter on Splunk Enterprise — Splunk EnterpriseCWE-79 5.7 Medium2025-10-01

This page lists every published CVE security advisory associated with Splunk. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.