CVE-2026-20137

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2026-20137
In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.5, 9.3.7, and 9.2.9, and Splunk Cloud Platform versions below 10.1.2507.0, 10.0.2503.9, 9.3.2411.112, and 9.3.2408.122, a low-privileged user who does not hold the "admin" or "power" Splunk roles could bypass the SPL safeguards for risky commands when they create a Data Model that contains an injected SPL query within an object. They can bypass the safeguards by exploiting a path traversal vulnerability.

3.5 /10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 2.1 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://advisory.splunk.com/advisories/SVD-2026-0202 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*
cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*
cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*
cpe:2.3:a:splunk:splunk_cloud_platform:10.1.2507:*:*:*:*:*:*:*
History

20 Feb 2026, 13:53

Type Values Removed Values Added
First Time Splunk splunk
Splunk
Splunk splunk Cloud Platform
CWE CWE-22
Summary
  • (es) En las versiones de Splunk Enterprise anteriores a 10.2.0, 10.0.3, 9.4.5, 9.3.7 y 9.2.9, y en las versiones de Splunk Cloud Platform anteriores a 10.1.2507.0, 10.0.2503.9, 9.3.2411.112 y 9.3.2408.122, un usuario con pocos privilegios que no posea los roles de Splunk 'admin' o 'power' podría eludir las salvaguardas de SPL para comandos arriesgados cuando crea un Modelo de Datos que contiene una consulta SPL inyectada dentro de un objeto. Puede eludir las salvaguardas explotando una vulnerabilidad de salto de ruta.
CPE cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*
cpe:2.3:a:splunk:splunk_cloud_platform:10.1.2507:*:*:*:*:*:*:*
References () https://advisory.splunk.com/advisories/SVD-2026-0202 - () https://advisory.splunk.com/advisories/SVD-2026-0202 - Vendor Advisory

18 Feb 2026, 18:24

Type Values Removed Values Added
New CVE
Information

Published : 2026-02-18 18:24

Updated : 2026-02-20 13:53

NVD link : CVE-2026-20137

Mitre link : CVE-2026-20137

CVE.ORG link : CVE-2026-20137

JSON object : View

Products Affected

splunk

  • splunk_cloud_platform
  • splunk
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')