Log Injection Vulnerability in Splunk SOAR Affects Administrators
CVE-2026-20260

4.3MEDIUM

Key Information:

Vendor

Splunk

Vendor
CVE Published:
10 June 2026

What is CVE-2026-20260?

In Splunk SOAR, versions prior to 8.5.0, a vulnerability exists that allows unauthenticated attackers to inject ANSI escape codes into the application log files via specially crafted HTTP request paths. This issue arises from the failure of the application to properly sanitize control characters in HTTP requests before logging them. As a result, when an administrator views the logs, these ANSI codes may be interpreted by terminal emulators, potentially leading to disclosure of sensitive information or other complications for system operators. It is crucial for organizations to upgrade to the latest version to mitigate this risk.

Affected Version(s)

Splunk SOAR 8.5 < 8.5.0

References

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

STĂ–K / Fredrik Alexandersson
.