Cross-Site Request Forgery Vulnerability in Splunk Enterprise and Cloud Platform
CVE-2026-20296

8.3HIGH

Key Information:

Vendor

Splunk

Vendor
CVE Published:
15 July 2026

What is CVE-2026-20296?

In specific versions of Splunk Enterprise and Splunk Cloud Platform, a Cross-Site Request Forgery vulnerability allows attackers to execute arbitrary Search Processing Language (SPL) commands under the context of a user with specific privileges. This is possible due to inadequate validation of CSRF tokens on GET requests, enabling unauthorized access to sensitive stored credentials and indexed data. The flaw affects various deployments of Splunk, making it crucial for users to evaluate their system configurations and apply necessary updates.

Affected Version(s)

Splunk Cloud Platform 10.5.2605 < 10.5.2605.0

Splunk Cloud Platform 10.4.2604 < 10.4.2604.7

Splunk Cloud Platform 10.3.2512 < 10.3.2512.16

References

CVSS V3.1

Score:
8.3
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.