7.2
CVE-2026-20163
- EPSS 0.07%
- Veröffentlicht 11.03.2026 16:18:26
- Zuletzt bearbeitet 12.03.2026 21:08:22
- Quelle psirt@cisco.com
- CVE-Watchlists
- Unerledigt
In Splunk Enterprise versions below 10.2.0, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.5, 10.0.2503.12, 10.1.2507.16, and 9.3.2411.124, a user who holds a role that contains the high-privilege capability `edit_cmd` could execute arbitrary shell commands using the `unarchive_cmd` parameter for the `/splunkd/__upload/indexing/preview` REST endpoint.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerSplunk
≫
Produkt
Splunk Enterprise
Version <
10.0.4
Version
10.0
Status
affected
Version <
9.4.9
Version
9.4
Status
affected
Version <
9.3.10
Version
9.3
Status
affected
HerstellerSplunk
≫
Produkt
Splunk Cloud Platform
Version <
10.2.2510.5
Version
10.2.2510
Status
affected
Version <
10.0.2503.12
Version
10.0.2503
Status
affected
Version <
10.1.2507.16
Version
10.1.2507
Status
affected
Version <
9.3.2411.124
Version
9.3.2411
Status
affected
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.07% | 0.221 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@cisco.com | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.