Log Injection Vulnerability in Splunk SOAR Affects Administrators
CVE-2026-20260
4.3MEDIUM
What is CVE-2026-20260?
In Splunk SOAR, versions prior to 8.5.0, a vulnerability exists that allows unauthenticated attackers to inject ANSI escape codes into the application log files via specially crafted HTTP request paths. This issue arises from the failure of the application to properly sanitize control characters in HTTP requests before logging them. As a result, when an administrator views the logs, these ANSI codes may be interpreted by terminal emulators, potentially leading to disclosure of sensitive information or other complications for system operators. It is crucial for organizations to upgrade to the latest version to mitigate this risk.
Affected Version(s)
Splunk SOAR 8.5 < 8.5.0