CSS Injection Vulnerability in Splunk Enterprise and Cloud Platform
CVE-2026-20254
5.7MEDIUM
Key Information:
- Vendor
Splunk
- Vendor
- CVE Published:
- 10 June 2026
What is CVE-2026-20254?
In specific versions of Splunk Enterprise and Splunk Cloud Platform, a low-privileged user can exploit the CSS injection flaw to create a malicious classic dashboard. This crafted dashboard can lead to unauthorized data exfiltration when viewed by a user with higher privileges. The vulnerability arises from insufficient validation of inline style attributes in the Trusted Domains security check, allowing outbound requests to potentially unsafe domains, which can result in the leakage of sensitive information.
Affected Version(s)
Splunk Cloud Platform 10.3.2512 < 10.3.2512.13
Splunk Cloud Platform 10.2.2510 < 10.2.2510.15
Splunk Cloud Platform 10.1.2507 < 10.1.2507.23