Splunk: Low-Privilege Users Can Access Sensitive Data

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

6.3

Splunk: Low-Privilege Users Can Access Sensitive Data

CVE-2026-20165

Summary

A user with limited access to Splunk can view sensitive information through search logs if certain versions of Splunk Enterprise and Splunk Cloud Platform are used. This is a concern because it could lead to unauthorized disclosure of sensitive data. Update to the latest version to resolve this issue.

Original title

Original description

In Splunk Enterprise versions below 10.2.1, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.7, 10.1.2507.17, 10.0.2503.12, and 9.3.2411.124, a low-privileged user that does not hold the "admin" or "power" Splunk roles could retrieve sensitive information by inspecting the job's search log due to improper access control in the MongoClient logging channel.

nvd CVSS3.1 6.3

Vulnerability type

CWE-532 Insertion of Sensitive Information into Log File

https://advisory.splunk.com/advisories/SVD-2026-0304

Published: 11 Mar 2026 · Updated: 14 Mar 2026 · First seen: 11 Mar 2026