
Splunk Enterprise and Cloud Platform: Privilege Escalation via Malicious File Unarchiving

CVE-2026-20163
Summary

Users with high privileges in older versions of Splunk can execute unauthorized system commands, potentially leading to data tampering or unauthorized access. This issue affects certain Splunk Enterprise and Cloud Platform versions. Update to the latest version to prevent exploitation.

Original title
In Splunk Enterprise versions below 10.2.0, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.5, 10.0.2503.12, 10.1.2507.16, and 9.3.2411.124, a user who holds a role th...
Original description
In Splunk Enterprise versions below 10.2.0, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.5, 10.0.2503.12, 10.1.2507.16, and 9.3.2411.124, a user who holds a role that contains the high-privilege capability `edit_cmd` could execute arbitrary shell commands using the `unarchive_cmd` parameter for the `/splunkd/__upload/indexing/preview` REST endpoint.
NVD CVSS 3.1: 7.2
Vulnerability type
CWE-77 Command Injection
Published: 11 Mar 2026 · Updated: 14 Mar 2026 · First seen: 11 Mar 2026
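
To triage an inventory against the fixed releases listed in the description, the following added example (not code from Splunk or from this advisory) compares each version with the fixed release of its own branch. It assumes a branch is the first two version components for Enterprise and the first three for Cloud Platform; the host names and sample inventory are constructed.

```python
"""Triage Splunk versions against the fixed releases listed for CVE-2026-20163."""

# Fixed releases copied from the advisory text above.
FIXED = {
    "enterprise": ["10.2.0", "10.0.4", "9.4.9", "9.3.10"],
    "cloud": ["10.2.2510.5", "10.0.2503.12", "10.1.2507.16", "9.3.2411.124"],
}
# Assumption: a release branch is the first two components for Enterprise
# (10.0.x) and the first three for Cloud Platform (10.0.2503.x).
BRANCH_LEN = {"enterprise": 2, "cloud": 3}


def parse(version):
    """Turn '9.3.10' into (9, 3, 10) so versions compare numerically."""
    return tuple(int(part) for part in version.strip().split("."))


def triage(product, version):
    """Return 'affected', 'fixed', or 'review' (branch not listed on the page)."""
    n = BRANCH_LEN[product]
    v = parse(version)
    if len(v) <= n:
        raise ValueError(f"need a full {product} version, got {version!r}")
    for fixed in map(parse, FIXED[product]):
        if v[:n] == fixed[:n]:
            return "fixed" if v >= fixed else "affected"
    # No fixed release is listed for this branch: check the vendor advisory.
    return "review"


def triage_inventory(hosts):
    """Map each (host, product, version) record to its triage result."""
    return {host: triage(product, version) for host, product, version in hosts}


# Constructed sample inventory; host names are hypothetical.
SAMPLE = [
    ("idx01", "enterprise", "9.3.9"),
    ("sh01", "enterprise", "10.0.4"),
    ("hf01", "enterprise", "9.2.5"),
    ("stack-a", "cloud", "10.1.2507.15"),
    ("stack-b", "cloud", "9.3.2411.124"),
]

if __name__ == "__main__":
    for host, result in triage_inventory(SAMPLE).items():
        print(f"{host}: {result}")
```

Hosts reported as `affected` should also be reviewed for roles that hold the `edit_cmd` capability, since that capability is the precondition named in the description.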