- 39/2026
- High
Splunk has released security updates to fix several vulnerabilities across Splunk Enterprise and Splunk Cloud Platform.
The addressed vulnerabilities could allow the attacker to obtain sensitive information from internal Splunk indexes, expose authentication secrets (including SAML configurations, RSA keys, and multi-factor authentication keys), perform client-side denial of service attacks, gain elevated privileges on Windows systems through local privilege escalation techniques, bypass risky command safeguards via path traversal in data models, and access restricted monitoring console functionalities due to improper access control in the affected products.
Sample of the addressed vulnerabilities:
1. Splunk Enterprise Local Privilege Escalation Vulnerability (CVE-2026-20143):
- CVSS: 7.7
- Attack Vector: Local
- Attack Complexity: High
- Privileges Required: None
- User Interaction: Required
- Consequences: Gain Privileges
2. Splunk Enterprise Sensitive Information Disclosure Vulnerability (CVE-2026- 20144):
- CVSS: 6.8
- Attack Vector: Adjacent
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Consequences: Obtain Information
Vulnerabilities
- CVE-2026-20144
- CVE-2026-20143
- CVE-2026-20142
- CVE-2026-20141
- CVE-2026-20140
- CVE-2026-20139
- CVE-2026-20138
- CVE-2026-20137
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.