Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.3
Splunk Enterprise, Cloud Platform: Malicious Code Can Run in Browser
CVE-2026-20162
Summary
A low-privileged user can trick a victim into running malicious code in their browser. This can happen if the victim is tricked into creating a new View at the wrong endpoint, and the attacker has a low privilege account. To fix this, update to the latest version of Splunk Enterprise or Cloud Platform.
Original title
In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.9, and 9.3.9, and Splunk Cloud Platform versions below 10.2.2510.4, 10.1.2507.15, 10.0.2503.11, and 9.3.2411.123, a low-privileged user who d...
Original description
In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.9, and 9.3.9, and Splunk Cloud Platform versions below 10.2.2510.4, 10.1.2507.15, 10.0.2503.11, and 9.3.2411.123, a low-privileged user who does not hold the "admin" or "power" Splunk roles could craft a malicious payload when creating a View (Settings - User Interface - Views) at the `/manager/launcher/data/ui/views/_new` endpoint leading to a Stored Cross-Site Scripting (XSS) through a path traversal vulnerability. This could result in execution of unauthorized JavaScript code in the browser of a user.
The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The authenticated user should not be able to exploit the vulnerability at will.
The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The authenticated user should not be able to exploit the vulnerability at will.
nvd CVSS3.1
6.3
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
Published: 11 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026