Server-Side Request Forgery in Splunk Enterprise and Splunk Cloud Platform
CVE-2026-20252
Key Information:
- Vendor
Splunk
- Vendor
- CVE Published:
- 10 June 2026
What is CVE-2026-20252?
A security flaw has been identified in Splunk Enterprise and Splunk Cloud Platform, where low-privileged users can exploit the Dashboard Studio PDF export functionality. This vulnerability arises due to improper trusted-domain validation, allowing potential attackers to send requests to internal systems using crafted subdomains. The issue is compounded by the PDF export service's automatic HTTP redirect handling, which does not adequately verify targets against a secure allowlist. This can lead to unintended access to internal resources, highlighting the importance of updating to secure versions.
Affected Version(s)
Splunk Cloud Platform 10.4.2604 < 10.4.2604.3
Splunk Cloud Platform 10.3.2512 < 10.3.2512.12
Splunk Cloud Platform 10.2.2510 < 10.2.2510.14