Server-Side Request Forgery in Splunk Enterprise and Splunk Cloud Platform
CVE-2026-20252

7.6HIGH

Key Information:

Vendor

Splunk

Vendor
CVE Published:
10 June 2026

What is CVE-2026-20252?

A security flaw has been identified in Splunk Enterprise and Splunk Cloud Platform, where low-privileged users can exploit the Dashboard Studio PDF export functionality. This vulnerability arises due to improper trusted-domain validation, allowing potential attackers to send requests to internal systems using crafted subdomains. The issue is compounded by the PDF export service's automatic HTTP redirect handling, which does not adequately verify targets against a secure allowlist. This can lead to unintended access to internal resources, highlighting the importance of updating to secure versions.

Affected Version(s)

Splunk Cloud Platform 10.4.2604 < 10.4.2604.3

Splunk Cloud Platform 10.3.2512 < 10.3.2512.12

Splunk Cloud Platform 10.2.2510 < 10.2.2510.14

References

CVSS V3.1

Score:
7.6
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

M Mahdan Argya Syarif (0xbeludan)
.