Path Traversal Vulnerability in Splunk Enterprise and Splunk Cloud Platform
CVE-2026-20137

3.5LOW

Key Information:

Vendor: Splunk
Status: Splunk Enterprise; Splunk Cloud Platform
Vendor: CVE Published:; 18 February 2026

What is CVE-2026-20137?

In affected versions of Splunk Enterprise and Splunk Cloud Platform, a low-privileged user can exploit a path traversal vulnerability to evade SPL safeguards for risky commands. This exploit can occur when creating a Data Model containing an injected SPL query, allowing unauthorized access to potentially sensitive operations and data.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Splunk Cloud Platform 10.1.2507 < 10.1.2507.0

Splunk Cloud Platform 10.0 < 10.0.2503.9

Splunk Cloud Platform 9.3.2411 < 9.3.2411.112

References

https://advisory.splunk.com/advisories/SVD-2026-0202

CVSS V3.1

Score:

3.5

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 18, 2026
Vulnerability Reserved
Oct 8, 2025

Credit

Anton (therceman)

JSON

Splunk