Denial of Service Vulnerability in Splunk Enterprise and Splunk Cloud Platform
CVE-2026-20240

7.1 HIGH

Key Information:

Vendor: Splunk

CVE Published: 20 May 2026

What is CVE-2026-20240?

In specific versions of Splunk Enterprise and Splunk Cloud Platform, a vulnerability exists in the 'coldToFrozen.sh' script of the 'splunk_archiver' app. The script lacks input validation, which lets a low-privileged user rename critical directories within Splunk. The resulting Denial of Service condition can leave the instance non-functional. The risk is heightened because unauthorized users can manipulate file paths, which may compromise the stability and availability of Splunk services.

Affected Version(s)

Splunk Cloud Platform 10.4.2603 < 10.4.2603.1

Splunk Cloud Platform 10.3.2512 < 10.3.2512.9

Splunk Cloud Platform 10.2.2510 < 10.2.2510.11

CVSS V3.1

Score: 7.1
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Alex Hordijk (hordalex)