Access Control Flaw in Splunk Enterprise and Cloud Platforms
CVE-2026-20259

5.5MEDIUM

Key Information:

Vendor

Splunk

Vendor
CVE Published:
10 June 2026

What is CVE-2026-20259?

An access control vulnerability exists in Splunk Enterprise and Cloud products that allows users with the high-privilege role 'edit_saved_search_owner' to improperly reassign ownership of saved searches to unauthorized users. This flaw arises from the lack of proper access control at the ownership reassignment endpoint, potentially leading to privilege escalation and unauthorized access to sensitive configurations.

Affected Version(s)

Splunk Cloud Platform 10.3.2512 < 10.3.2512.12

Splunk Cloud Platform 10.2.2510 < 10.2.2510.15

Splunk Cloud Platform 10.1.2507 < 10.1.2507.23

References

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Andres Perez, Splunk
.