7.5

CVE-2026-20239

Medienbericht

Sensitive Information Disclosure through Log Files in Splunk Enterprise

In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13, a user with a role that has access to the `_internal` index could view session cookies and response bodies that contain sensitive data.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SplunkSplunk SwEditionenterprise Version >= 10.0.0 < 10.0.5
SplunkSplunk SwEditionenterprise Version >= 10.2.0 < 10.2.2
SplunkSplunk Cloud Platform Version >= 10.0.2503 < 10.0.2503.13
SplunkSplunk Cloud Platform Version >= 10.1.2507 < 10.1.2507.21
SplunkSplunk Cloud Platform Version >= 10.2.2510 < 10.2.2510.11
SplunkSplunk Cloud Platform Version >= 10.3.2512 < 10.3.2512.8
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.49% 0.379
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
psirt@cisco.com 7.5 1.6 5.9
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-532 Insertion of Sensitive Information into Log File

The product writes sensitive information to a log file.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
05.06.2026 12:44
https://advisory.splunk.com/advisories/SVD-2026-0503
Vendor Advisory