Splunk: Malicious user can crash Splunk Web with crafted password change

CVE-2026-20139
Summary

A low-privileged user can intentionally slow down or shut down Splunk Web by changing their password with a specially crafted request. This can cause performance issues or make Splunk Web unresponsive. Update to the latest version of Splunk to fix this issue.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software

Vendor   Product                 Affected versions               Fix available
splunk   splunk                  > 9.2.0, <= 9.2.12
splunk   splunk                  > 9.3.0, <= 9.3.9
splunk   splunk                  > 9.4.0, <= 9.4.8
splunk   splunk                  > 10.0.0, <= 10.0.2
splunk   splunk_cloud_platform   > 9.3.2411, <= 9.3.2411.121
splunk   splunk_cloud_platform   > 10.0.2503, <= 10.0.2503.9
splunk   splunk_cloud_platform   > 10.1.2507, <= 10.1.2507.8
splunk   splunk_cloud_platform   > 10.2.2510, <= 10.2.2510.3
Original title
In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.8, 9.3.9, and 9.2.12, and Splunk Cloud Platform versions below 10.2.2510.3, 10.1.2507.8, 10.0.2503.9, and 9.3.2411.121, a low-privileged user...
Original description
In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.8, 9.3.9, and 9.2.12, and Splunk Cloud Platform versions below 10.2.2510.3, 10.1.2507.8, 10.0.2503.9, and 9.3.2411.121, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload into the `realname`, `tz`, or `email` parameters of the `/splunkd/__raw/services/authentication/users/username` REST API endpoint when they change a password. This could potentially lead to a client-side denial-of-service (DoS). The malicious payload might significantly slow page load times or render Splunk Web temporarily unresponsive.
NVD CVSS 3.1 score: 4.3
Vulnerability type
CWE-400 Uncontrolled Resource Consumption
Published: 18 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026
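The fix versions in the original description are per maintenance branch, so deciding whether a given install is exposed is not a single comparison. The following is an added example, not code from the advisory or from Splunk; it assumes Splunk's "versions below X, Y, Z" wording means a release is affected unless it is at or above the fix on its own branch, and that a branch with no listed fix (for example Enterprise 10.1.x) stays affected until the next listed fix above it (10.2.0).

```python
# Offline exposure check for CVE-2026-20139 (added example, not Splunk's code).
# Assumption: a release is affected unless it is >= the fix on its own branch;
# a branch with no listed fix is affected until the highest listed fix.

# Fix versions exactly as stated in the original description.
ENTERPRISE_FIXES = ["10.2.0", "10.0.2", "9.4.8", "9.3.9", "9.2.12"]
CLOUD_FIXES = ["10.2.2510.3", "10.1.2507.8", "10.0.2503.9", "9.3.2411.121"]


def parse(version: str) -> tuple:
    """'9.4.8' -> (9, 4, 8): tuples compare numerically, strings would not."""
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {version!r}")
    return tuple(int(p) for p in parts)


def is_affected(version: str, fixes: list, branch_len: int) -> bool:
    """True if `version` is below the fix that applies to it.

    branch_len: leading components that identify a maintenance branch
    (2 for Enterprise 9.4.x, 3 for Cloud Platform 10.0.2503.x).
    """
    v = parse(version)
    fixed = sorted(parse(f) for f in fixes)
    same_branch = [f for f in fixed if f[:branch_len] == v[:branch_len]]
    if same_branch:
        return v < same_branch[0]   # a fix was released on this branch
    return v < fixed[-1]            # no branch fix: affected below the top fix


def enterprise_affected(version: str) -> bool:
    return is_affected(version, ENTERPRISE_FIXES, branch_len=2)


def cloud_affected(version: str) -> bool:
    return is_affected(version, CLOUD_FIXES, branch_len=3)


if __name__ == "__main__":
    # Constructed sample inventory (hostname, output of `splunk version`).
    inventory = [("sh-01", "9.4.7"), ("sh-02", "10.1.3"), ("sh-03", "10.2.0")]
    for host, ver in inventory:
        print(host, ver, "AFFECTED" if enterprise_affected(ver) else "fixed")
```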