Access Control Flaw in Splunk Enterprise and Cloud Platform
CVE-2026-20203

4.3MEDIUM

Key Information:

Vendor

Splunk
Status
Splunk Enterprise
Splunk Cloud Platform
Vendor
CVE Published:
15 April 2026

What is CVE-2026-20203?

A vulnerability exists in Splunk Enterprise and Splunk Cloud Platform where low-privileged users, lacking admin or power roles, can manipulate Data Model Acceleration settings due to insufficient access controls. This misconfiguration allows users with write permissions on the app to enable or disable critical performance features, potentially impacting data processing integrity.

Affected Version(s)

Splunk Cloud Platform 10.4.2603

Splunk Cloud Platform 10.3.2512 < 10.3.2512.6

Splunk Cloud Platform 10.2.2510 < 10.2.2510.10

References

https://advisory.splunk.com/advisories/SVD-2026-0402

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Mr Hack (try_to_hack) Santiago Lopez
.