Stored Credential Hash Exposure in Splunk Enterprise and Splunk Cloud Platform
CVE-2026-20298

5.3MEDIUM

Key Information:

Vendor

Splunk

Vendor
CVE Published:
15 July 2026

What is CVE-2026-20298?

A vulnerability exists in Splunk Enterprise and Splunk Cloud Platform that permits low-privileged users to gain access to sensitive information, specifically, stored credential hashes. This exposure arises when users invoke the /servicesNS/-/-/storage/passwords REST endpoint using the |rest Search Processing Language command, which inadvertently returns the encr_password field. Such a flaw can compromise data security and integrity, highlighting the need for stricter access controls and immediate patching.

Affected Version(s)

Splunk Cloud Platform 10.5.2605 < 10.5.2605.0

Splunk Cloud Platform 10.4.2604 < 10.4.2604.6

Splunk Cloud Platform 10.3.2512 < 10.3.2512.15

References

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.