Data Exfiltration Vulnerability in Splunk Enterprise and Cloud Platform
CVE-2026-20256

5.7MEDIUM

Key Information:

Vendor

Splunk

Vendor
CVE Published:
10 June 2026

What is CVE-2026-20256?

In specific versions of Splunk Enterprise and Splunk Cloud Platform, a vulnerability allows low-privileged users to perform data exfiltration by utilizing protocol-relative URLs in dashboard drill-down links. The URL classifier fails to recognize these URLs and does not prompt users with a warning when an external site is accessed. This flaw can lead to unauthorized access to sensitive data, highlighting the need for updated security measures and awareness among users.

Affected Version(s)

Splunk Cloud Platform 10.3.2512 < 10.3.2512.13

Splunk Cloud Platform 10.2.2510 < 10.2.2510.15

Splunk Cloud Platform 10.1.2507 < 10.1.2507.23

References

CVSS V3.1

Score:
5.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Tony Tong (tongster)
.