Sensitive Information Disclosure through Log Files in Splunk Enterprise

7.5 / 10

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13, a user with a role that has access to the `_internal` index could view session cookies and response bodies that contain sensitive data.

Basic Information

ID CVE-2026-20239

Source cisco

Published May 20, 2026 at 16:32

Affected Product

Vendor Splunk

Product Splunk Enterprise

Version 10.2

Affected Versions Splunk Splunk Enterprise 10.2
Splunk Splunk Enterprise 10.0
Splunk Splunk Cloud Platform 10.3.2512
Splunk Splunk Cloud Platform 10.2.2510
Splunk Splunk Cloud Platform 10.1.2507
Splunk Splunk Cloud Platform 10.0.2503

References

advisory.splunk.com /advisories/SVD-2026-0503

{
    "lastseen": "",
    "description": "In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13, a user with a role that has access to the `_internal` index could view session cookies and response bodies that contain sensitive data.",
    "published": "2026-05-20T16:32:12.678Z",
    "modified": "2026-05-20T16:32:12.678Z",
    "type": "cve",
    "title": "Sensitive Information Disclosure through Log Files in Splunk Enterprise",
    "source": "cisco",
    "references": "https://advisory.splunk.com/advisories/SVD-2026-0503",
    "id": "CVE-2026-20239",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "Splunk Splunk Enterprise 10.2\nSplunk Splunk Enterprise 10.0\nSplunk Splunk Cloud Platform 10.3.2512\nSplunk Splunk Cloud Platform 10.2.2510\nSplunk Splunk Cloud Platform 10.1.2507\nSplunk Splunk Cloud Platform 10.0.2503",
    "sourceHref": "",
    "cvss": {
        "score": 7.5,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Splunk Enterprise",
    "version": "10.2",
    "vendor": "Splunk",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Sensitive Information Disclosure through Log Files in Splunk Enterprise_CVE-2026-20239

Description

Basic Information

Affected Product

References

💭 Join the Security Discussion ❌ Cancel Reply