CVE-2026-20139

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2026-20139
In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.8, 9.3.9, and 9.2.12, and Splunk Cloud Platform versions below 10.2.2510.3, 10.1.2507.8, 10.0.2503.9, and 9.3.2411.121, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload into the `realname`, `tz`, or `email` parameters of the `/splunkd/__raw/services/authentication/users/username` REST API endpoint when they change a password. This could potentially lead to a client‑side denial‑of‑service (DoS). The malicious payload might significantly slow page load times or render Splunk Web temporarily unresponsive.

4.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
https://advisory.splunk.com/advisories/SVD-2026-0204 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*
cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*
cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*
cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*
History

20 Feb 2026, 13:47

Type Values Removed Values Added
References () https://advisory.splunk.com/advisories/SVD-2026-0204 - () https://advisory.splunk.com/advisories/SVD-2026-0204 - Vendor Advisory
First Time Splunk splunk
Splunk
Splunk splunk Cloud Platform
CPE cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*
Summary
  • (es) En las versiones de Splunk Enterprise anteriores a 10.2.0, 10.0.2, 9.4.8, 9.3.9 y 9.2.12, y en las versiones de Splunk Cloud Platform anteriores a 10.2.2510.3, 10.1.2507.8, 10.0.2503.9 y 9.3.2411.121, un usuario con pocos privilegios que no posea los roles de Splunk 'admin' o 'power' podría crear una carga útil maliciosa en los parámetros `realname`, `tz` o `email` del endpoint de la API REST `/splunkd/__raw/services/authentication/users/username` cuando cambian una contraseña. Esto podría, potencialmente, provocar una denegación de servicio (DoS) del lado del cliente. La carga útil maliciosa podría ralentizar significativamente los tiempos de carga de la página o hacer que Splunk Web no responda temporalmente.

18 Feb 2026, 18:24

Type Values Removed Values Added
New CVE
Information

Published : 2026-02-18 18:24

Updated : 2026-02-20 13:47

NVD link : CVE-2026-20139

Mitre link : CVE-2026-20139

CVE.ORG link : CVE-2026-20139

JSON object : View

Products Affected

splunk

  • splunk_cloud_platform
  • splunk
CWE
CWE-400

Uncontrolled Resource Consumption