Cross-Site Request Forgery Vulnerability in Splunk Enterprise and Cloud Platform
CVE-2026-20296
8.3HIGH
Key Information:
- Vendor
Splunk
- Vendor
- CVE Published:
- 15 July 2026
What is CVE-2026-20296?
In specific versions of Splunk Enterprise and Splunk Cloud Platform, a Cross-Site Request Forgery vulnerability allows attackers to execute arbitrary Search Processing Language (SPL) commands under the context of a user with specific privileges. This is possible due to inadequate validation of CSRF tokens on GET requests, enabling unauthorized access to sensitive stored credentials and indexed data. The flaw affects various deployments of Splunk, making it crucial for users to evaluate their system configurations and apply necessary updates.
Affected Version(s)
Splunk Cloud Platform 10.5.2605 < 10.5.2605.0
Splunk Cloud Platform 10.4.2604 < 10.4.2604.7
Splunk Cloud Platform 10.3.2512 < 10.3.2512.16