CVE-2026-20144

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2026-20144
In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.8, and 9.2.11, and Splunk Cloud Platform versions below 10.2.2510.0, 10.1.2507.11, 10.0.2503.9, and 9.3.2411.120, a user of a Splunk Search Head Cluster (SHC) deployment who holds a role with access to the the Splunk _internal index could view the Security Assertion Markup Language (SAML) configurations for Attribute query requests (AQRs) or Authentication extensions in plain text within the conf.log file, depending on which feature is configured.

6.8 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://advisory.splunk.com/advisories/SVD-2026-0209 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*
cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*
cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*
History

23 Feb 2026, 14:43

Type Values Removed Values Added
References () https://advisory.splunk.com/advisories/SVD-2026-0209 - () https://advisory.splunk.com/advisories/SVD-2026-0209 - Vendor Advisory
CPE cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*
Summary
  • (es) En las versiones de Splunk Enterprise anteriores a 10.2.0, 10.0.2, 9.4.7, 9.3.8 y 9.2.11, y en las versiones de Splunk Cloud Platform anteriores a 10.2.2510.0, 10.1.2507.11, 10.0.2503.9 y 9.3.2411.120, un usuario de una implementación de Splunk Search Head Cluster (SHC) que posee un rol con acceso al índice _internal de Splunk podría ver las configuraciones de Security Assertion Markup Language (SAML) para solicitudes de consulta de atributos (AQRs) o extensiones de autenticación en texto sin formato dentro del archivo conf.log, dependiendo de qué característica esté configurada.
First Time Splunk splunk
Splunk
Splunk splunk Cloud Platform

18 Feb 2026, 18:24

Type Values Removed Values Added
New CVE
Information

Published : 2026-02-18 18:24

Updated : 2026-02-23 14:43

NVD link : CVE-2026-20144

Mitre link : CVE-2026-20144

CVE.ORG link : CVE-2026-20144

JSON object : View

Products Affected

splunk

  • splunk_cloud_platform
  • splunk
CWE
CWE-532

Insertion of Sensitive Information into Log File