CSS Injection Vulnerability in Splunk Enterprise and Cloud Platform
CVE-2026-20254

5.7MEDIUM

Key Information:

Vendor

Splunk

Vendor
CVE Published:
10 June 2026

What is CVE-2026-20254?

In specific versions of Splunk Enterprise and Splunk Cloud Platform, a low-privileged user can exploit the CSS injection flaw to create a malicious classic dashboard. This crafted dashboard can lead to unauthorized data exfiltration when viewed by a user with higher privileges. The vulnerability arises from insufficient validation of inline style attributes in the Trusted Domains security check, allowing outbound requests to potentially unsafe domains, which can result in the leakage of sensitive information.

Affected Version(s)

Splunk Cloud Platform 10.3.2512 < 10.3.2512.13

Splunk Cloud Platform 10.2.2510 < 10.2.2510.15

Splunk Cloud Platform 10.1.2507 < 10.1.2507.23

References

CVSS V3.1

Score:
5.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Fredrik Alexandersson (stok)
.