Input Validation Issue in Splunk Enterprise and Cloud Platform by Splunk
CVE-2026-20202

6.6MEDIUM

Key Information:

Vendor: Splunk
Status: Splunk Enterprise; Splunk Cloud Platform
Vendor: CVE Published:; 15 April 2026

What is CVE-2026-20202?

In certain versions of Splunk Enterprise and Splunk Cloud Platform, a vulnerability exists that allows a user with high-privilege capabilities to create a username that improperly handles null byte characters or non-UTF-8 percent-encoded bytes. This flaw arises from inadequate input validation, leading to potential issues in username storage and user account management, such as preventing affected users from being edited or deleted effectively. Organizations using these affected versions should take immediate steps to mitigate this risk by applying the necessary updates and monitoring their systems for unusual account activities.

Affected Version(s)

Splunk Cloud Platform 10.4.2603

Splunk Cloud Platform 10.3.2512 < 10.3.2512.6

Splunk Cloud Platform 10.2.2510 < 10.2.2510.10

References

https://advisory.splunk.com/advisories/SVD-2026-0401

CVSS V3.1

Score:

6.6

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 15, 2026
Vulnerability Reserved
Oct 8, 2025

Credit

Ryan Luke<br><br>Mahfujur Rahman (mahfujwhh)

CVE-2026-20202 Data

JSON