4.9
Splunk Enterprise: Unauthorized access to SAML configurations
CVE-2026-20144
Summary
Splunk Enterprise users in a Search Head Cluster (SHC) deployment whose role grants access to the _internal index may be able to read sensitive SAML configuration details that are written in plain text to the conf.log file. An attacker who obtains these details could use them to gain unauthorized access to your system. Update to the latest version of Splunk Enterprise to fix this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| splunk | splunk | > 9.2.0 , <= 9.2.11 | – |
| splunk | splunk | > 9.3.0 , <= 9.3.8 | – |
| splunk | splunk | > 9.4.0 , <= 9.4.7 | – |
| splunk | splunk | > 10.0.0 , <= 10.0.2 | – |
| splunk | splunk_cloud_platform | > 9.3.2411 , <= 9.3.2411.120 | – |
| splunk | splunk_cloud_platform | > 10.0.2503 , <= 10.0.2503.9 | – |
| splunk | splunk_cloud_platform | > 10.1.2507 , <= 10.1.2507.11 | – |
Original title
In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.8, and 9.2.11, and Splunk Cloud Platform versions below 10.2.2510.0, 10.1.2507.11, 10.0.2503.9, and 9.3.2411.120, a user of a Splunk S...
Original description
In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.8, and 9.2.11, and Splunk Cloud Platform versions below 10.2.2510.0, 10.1.2507.11, 10.0.2503.9, and 9.3.2411.120, a user of a Splunk Search Head Cluster (SHC) deployment who holds a role with access to the Splunk _internal index could view the Security Assertion Markup Language (SAML) configurations for Attribute query requests (AQRs) or Authentication extensions in plain text within the conf.log file, depending on which feature is configured.
nvd CVSS3.1
4.9
Vulnerability type
CWE-532
Insertion of Sensitive Information into Log File
- https://advisory.splunk.com/advisories/SVD-2026-0209 Vendor Advisory
Published: 18 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026