CVE-2026-20255

In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious classic dashboard that exfiltrates sensitive data to an external server. The vulnerability exists because URL validation on the external content dialog is incomplete, which can allow for requests to untrusted domains when a user interacts with a crafted dashboard.

CVSS v3 5.7 MEDIUM

5.7^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.1 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://advisory.splunk.com/advisories/SVD-2026-0605	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:splunk:splunk:::::enterprise:::*
	cpe:2.3:a:splunk:splunk:::::enterprise:::*
	cpe:2.3:a:splunk:splunk:::::enterprise:::*
	cpe:2.3:a:splunk:splunk:::::enterprise:::*

Configuration 2 (hide)

OR	cpe:2.3:a:splunk:splunk_cloud_platform::::::::
	cpe:2.3:a:splunk:splunk_cloud_platform::::::::
	cpe:2.3:a:splunk:splunk_cloud_platform::::::::
	cpe:2.3:a:splunk:splunk_cloud_platform::::::::

History

15 Jun 2026, 15:04

Type	Values Removed	Values Added
First Time		Splunk splunk Splunk Splunk splunk Cloud Platform
CPE		cpe:2.3:a:splunk:splunk_cloud_platform:::::::: cpe:2.3:a:splunk:splunk:::::enterprise:::*
References	~~() https://advisory.splunk.com/advisories/SVD-2026-0605 -~~	() https://advisory.splunk.com/advisories/SVD-2026-0605 - Vendor Advisory

10 Jun 2026, 18:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-06-10 18:16

Updated : 2026-06-17 10:17

NVD link : CVE-2026-20255

Mitre link : CVE-2026-20255

CVE.ORG link : CVE-2026-20255

JSON object : View

Products Affected

splunk

splunk_cloud_platform
splunk

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2026-20255", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2026-20255", "role": "CISA Coordinator", "options": [{"exploitation": "none"}, {"automatable": "no"}, {"technicalImpact": "partial"}], "version": "2.0.3", "timestamp": "2026-06-10T18:25:06.072954Z"}}], "cvssMetricV31": [{"type": "Secondary", "source": "psirt@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.1}]}, "affected": [{"source": "psirt@cisco.com", "affectedData": [{"vendor": "Splunk", "product": "Splunk Enterprise", "versions": [{"status": "affected", "version": "10.2", "lessThan": "10.2.4", "versionType": "custom"}, {"status": "affected", "version": "10.0", "lessThan": "10.0.7", "versionType": "custom"}, {"status": "affected", "version": "9.4", "lessThan": "9.4.12", "versionType": "custom"}, {"status": "affected", "version": "9.3", "lessThan": "9.3.13", "versionType": "custom"}]}, {"vendor": "Splunk", "product": "Splunk Cloud Platform", "versions": [{"status": "affected", "version": "10.3.2512", "lessThan": "10.3.2512.13", "versionType": "custom"}, {"status": "affected", "version": "10.2.2510", "lessThan": "10.2.2510.15", "versionType": "custom"}, {"status": "affected", "version": "10.1.2507", "lessThan": "10.1.2507.23", "versionType": "custom"}, {"status": "affected", "version": "9.3.2411", "lessThan": "9.3.2411.132", "versionType": "custom"}]}]}], "published": "2026-06-10T18:16:41.010", "references": [{"url": "https://advisory.splunk.com/advisories/SVD-2026-0605", "tags": ["Vendor Advisory"], "source": "psirt@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "psirt@cisco.com", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could craft a malicious classic dashboard that exfiltrates sensitive data to an external server. \n\nThe vulnerability exists because URL validation on the external content dialog is incomplete, which can allow for requests to untrusted domains when a user interacts with a crafted dashboard."}], "lastModified": "2026-06-17T10:17:20.450", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "B9D80F1C-F849-4D62-B82A-6B8963EEEBFB", "versionEndExcluding": "9.3.13", "versionStartIncluding": "9.3.0"}, {"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "423B8DF2-B7A5-41AA-9CFD-75B2FD503ACC", "versionEndExcluding": "9.4.12", "versionStartIncluding": "9.4.0"}, {"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "0C9F1DED-280E-4C76-A867-A7A8FCBD1F7A", "versionEndExcluding": "10.0.7", "versionStartIncluding": "10.0.0"}, {"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "E3B992C0-AD5E-43A1-BAA3-6B11FFD5D750", "versionEndExcluding": "10.2.4", "versionStartIncluding": "10.2.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "88A68C7C-BE2C-465C-812B-8F211A8AE935", "versionEndExcluding": "9.3.2411.132", "versionStartIncluding": "9.3.2411"}, {"criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "84E3B0CD-9909-4F06-9ABE-763705D501C3", "versionEndExcluding": "10.1.2507.23", "versionStartIncluding": "10.1.2507"}, {"criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "71B91525-F2D6-4699-8D6B-8D375A8785EE", "versionEndExcluding": "10.2.2510.15", "versionStartIncluding": "10.2.2510"}, {"criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6387100F-0867-4B83-8071-BA1FCE023B2F", "versionEndExcluding": "10.3.2512.13", "versionStartIncluding": "10.3.2512"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@cisco.com"}