Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.4
Splunk Enterprise: Unauthorized access to Observability Cloud API token
CVE-2026-20166
Summary
Some users without admin or power roles can access sensitive API keys in Splunk Enterprise versions below 10.2.1 and 10.0.4, and Splunk Cloud Platform versions below 10.2.2510.5, 10.1.2507.16, and 10.0.2503.12. This could allow unauthorized access to Observability Cloud data. Update to the latest versions to fix the issue.
Original title
In Splunk Enterprise versions below 10.2.1 and 10.0.4, and Splunk Cloud Platform versions below 10.2.2510.5, 10.1.2507.16, and 10.0.2503.12, a low-privileged user that does not hold the "admin" or ...
Original description
In Splunk Enterprise versions below 10.2.1 and 10.0.4, and Splunk Cloud Platform versions below 10.2.2510.5, 10.1.2507.16, and 10.0.2503.12, a low-privileged user that does not hold the "admin" or "power" Splunk roles could retrieve the Observability Cloud API access token through the Discover Splunk Observability Cloud app due to improper access control.
This vulnerability does not affect Splunk Enterprise versions below 9.4.9 and 9.3.10 because the Discover Splunk Observability Cloud app does not come with Splunk Enterprise.
This vulnerability does not affect Splunk Enterprise versions below 9.4.9 and 9.3.10 because the Discover Splunk Observability Cloud app does not come with Splunk Enterprise.
nvd CVSS3.1
5.4
Vulnerability type
CWE-200
Information Exposure
Published: 11 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026