—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Multiple Vulnerabilities in Splunk Products

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: CRITICAL

Software Affected

Splunk Enterprise

Versions prior to 10.0.7

Versions prior to 10.2.4 

Versions prior to 9.3.13  

Versions prior to 9.4.12

Splunk Cloud Platform

Versions prior to 9.3.2411.132 

Versions prior to 10.0.2503.14 

Versions prior to 10.1.2507.23 

Versions prior to 10.2.2510.15 

Versions prior to 10.3.2512.13 

Versions prior to 10.4.2604.3

Overview

Multiple vulnerabilities have been reported in Splunk products, which could allow an unauthenticated or low privileged attacker to create or truncate arbitrary files, perform server-side request forgery (SSRF), execute malicious scripts in a victim¿s browser, disclose sensitive information, bypass access controls, and exfiltrate sensitive data from the targeted system.

Target Audience:

All organizations and individuals using Splunk products.

Risk Assessment:

Critical risk of unauthorized system access, remote code execution, data exfiltration, privilege escalation, information disclosure, and compromise of the confidentiality, integrity, and availability of affected Splunk environments.

Impact Assessment:

Potential for arbitrary file creation and truncation, server-side request forgery, information disclosure, unauthorized ownership reassignment, execution of malicious scripts, and sensitive data exfiltration.

Description

Splunk is a platform used for searching, monitoring, and analyzing machine generated data in real time. It collects, indexes, and correlates large volumes of data generated by applications, servers, networks, and other infrastructure components.

These vulnerabilities exist in Splunk products due to improper access control, insufficient authentication mechanisms, improper input validation and sanitization, inadequate URL and CSS validation, stored cross-site scripting (XSS) weaknesses, server-side request forgery (SSRF) conditions, and information disclosure flaws within affected components. An attacker could exploit these vulnerabilities by leveraging unauthenticated or low-privileged access, creating malicious dashboard content, manipulating saved search objects, or sending specially crafted requests to vulnerable components of the targeted system.

Successful exploitation of these vulnerabilities could allow an attacker to create or truncate arbitrary files, perform server-side requests to internal systems, execute malicious scripts in victim browsers, disclose sensitive information, bypass access controls, exfiltrate sensitive data, and compromise the confidentiality, integrity, and availability of affected systems.

Solution

Apply appropriate fixes issued by the vendor.

https://advisory.splunk.com/advisories/SVD-2026-0603

https://advisory.splunk.com/advisories/SVD-2026-0602

https://advisory.splunk.com/advisories/SVD-2026-0604

https://advisory.splunk.com/advisories/SVD-2026-0605

https://advisory.splunk.com/advisories/SVD-2026-0606

https://advisory.splunk.com/advisories/SVD-2026-0607

https://advisory.splunk.com/advisories/SVD-2026-0608

https://advisory.splunk.com/advisories/SVD-2026-0609

Vendor Information

Splunk

https://www.splunk.com

References

Splunk

https://advisory.splunk.com/advisories/SVD-2026-0603

https://advisory.splunk.com/advisories/SVD-2026-0602

https://advisory.splunk.com/advisories/SVD-2026-0604

https://advisory.splunk.com/advisories/SVD-2026-0605

https://advisory.splunk.com/advisories/SVD-2026-0606

https://advisory.splunk.com/advisories/SVD-2026-0607

https://advisory.splunk.com/advisories/SVD-2026-0608

https://advisory.splunk.com/advisories/SVD-2026-0609

CVE Name

CVE-2026-20252

CVE-2026-20253

CVE-2026-20254

CVE-2026-20255

CVE-2026-20256

CVE-2026-20257

CVE-2026-20258

CVE-2026-20259

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmo7viAACgkQ3jCgcSdc

ys9ZSRAAl4ymCwJ08uZAKzqFfNKUY3AQJPoSuNi2r0thEiCv/YhM6e36NxgVq6hx

WgG4RfKRjWfmmond6RiqXqQA/WUcUUCMs5ZvUQygYGR9Pcla6yjJXVORd4ZQjYdJ

2lJr+FSVoYJZPSIy63NfOX2KHvfBBoqKifYivfuecQMJYzycajM8j1tsuZYXPMrW

54dwQ35/Xv0QtRbnWAhmcAsnm/Z9sGS5lXQ2TNBrI1Cb+ezJh2r0cDaZf1ueyJZC

iXzxhbk8hQi7jVfdSlj/LwbVd7kJyAUKJOo+gIBOMeGwA+TNSWGL6nHb5KgiHMS/

jiBJhnHVS026lk9HIlYmknO0pNLQBTUKDHR11UZp+vh7BtXac+R+Phw1uR20TMQ7

JRG5+pOzJzM/SfyHGyToZzh5mveH5jrw6pB5uKI+BAIVqqRRsuzrTRAqWkKt7URR

ek/p2LaevKBQ5XGVt9oqq9RqYP9966MjI8/aW3tdNlmMRZe+hkrLCX7Cq9tv/DBJ

5wT3azEBAGnKhC6+3wkFLzOk9jstb8UZAiyBSheBmfZnKFrTxDuwqV0fp4vtX3wr

GCz+FwtIicXvXTQFXyrcqEyzInarW83oJWLb7yuOr6FW4v8+fVmNq4p72nfASokV

1uJFbVu2oyjUdFuz4bOOwxVjlUBP67MI64nQ/4m64FnF2ze+4nU=

=onQa

—–END PGP SIGNATURE—–