Log Injection through HTTP Request Paths in Splunk SOAR

4.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Description

In Splunk SOAR (Security Orchestration, Automation, and Response) versions below 8.5.0, an unauthenticated attacker could inject American National Standards Institute (ANSI) escape codes into SOAR application log files through specially crafted HTTP request paths, which a terminal emulator might interpret when an administrator views the logs.<br><br>The injection is possible because SOAR does not strip control characters from HTTP request paths before writing them to application logs.

Basic Information

ID CVE-2026-20260

Source cisco

Published Jun 10, 2026 at 17:16

Modified Jun 10, 2026 at 18:23

Affected Product

Vendor Splunk

Product Splunk SOAR

Version 8.5

Affected Versions Splunk Splunk SOAR 8.5

References

advisory.splunk.com /advisories/SVD-2026-0611

{
    "lastseen": "",
    "description": "In Splunk SOAR (Security Orchestration, Automation, and Response) versions below 8.5.0, an unauthenticated attacker could inject American National Standards Institute (ANSI) escape codes into SOAR application log files through specially crafted HTTP request paths, which a terminal emulator might interpret when an administrator views the logs.<br><br>The injection is possible because SOAR does not strip control characters from HTTP request paths before writing them to application logs.",
    "published": "2026-06-10T17:16:20.653Z",
    "modified": "2026-06-10T18:23:13.215Z",
    "type": "cve",
    "title": "Log Injection through HTTP Request Paths in Splunk SOAR",
    "source": "cisco",
    "references": "https://advisory.splunk.com/advisories/SVD-2026-0611",
    "id": "CVE-2026-20260",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "Splunk Splunk SOAR 8.5",
    "sourceHref": "",
    "cvss": {
        "score": 4.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Splunk SOAR",
    "version": "8.5",
    "vendor": "Splunk",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Log Injection through HTTP Request Paths in Splunk SOAR_CVE-2026-20260

Description

Basic Information

Affected Product

References

💭 Join the Security Discussion ❌ Cancel Reply