Stored Credential Hash Exposure in Splunk Enterprise and Splunk Cloud Platform
CVE-2026-20298
5.3MEDIUM
Key Information:
- Vendor
Splunk
- Vendor
- CVE Published:
- 15 July 2026
What is CVE-2026-20298?
A vulnerability exists in Splunk Enterprise and Splunk Cloud Platform that permits low-privileged users to gain access to sensitive information, specifically, stored credential hashes. This exposure arises when users invoke the /servicesNS/-/-/storage/passwords REST endpoint using the |rest Search Processing Language command, which inadvertently returns the encr_password field. Such a flaw can compromise data security and integrity, highlighting the need for stricter access controls and immediate patching.
Affected Version(s)
Splunk Cloud Platform 10.5.2605 < 10.5.2605.0
Splunk Cloud Platform 10.4.2604 < 10.4.2604.6
Splunk Cloud Platform 10.3.2512 < 10.3.2512.15