Splunk Enterprise and Cloud Platform: Unauthorized Access to Sensitive Commands
CVE-2026-20137
Summary
A low-privileged user, one who holds neither the "admin" nor the "power" role, can bypass Splunk's SPL safeguards for risky commands by creating a Data Model that contains an injected SPL query within an object. The bypass relies on a path traversal vulnerability. This affects older versions of Splunk Enterprise and Cloud Platform. To fix this, upgrade to the latest available version.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| splunk | splunk | > 9.2.0 , <= 9.2.9 | – |
| splunk | splunk | > 9.3.0 , <= 9.3.7 | – |
| splunk | splunk | > 9.4.0 , <= 9.4.5 | – |
| splunk | splunk | > 10.0.0 , <= 10.0.3 | – |
| splunk | splunk_cloud_platform | > 9.3.2408 , <= 9.3.2408.122 | – |
| splunk | splunk_cloud_platform | > 9.3.2411 , <= 9.3.2411.112 | – |
| splunk | splunk_cloud_platform | > 10.0.2503 , <= 10.0.2503.9 | – |
| splunk | splunk_cloud_platform | 10.1.2507 | – |
Original title
In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.5, 9.3.7, and 9.2.9, and Splunk Cloud Platform versions below 10.1.2507.0, 10.0.2503.9, 9.3.2411.112, and 9.3.2408.122, a low-privileged user...
Original description
In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.5, 9.3.7, and 9.2.9, and Splunk Cloud Platform versions below 10.1.2507.0, 10.0.2503.9, 9.3.2411.112, and 9.3.2408.122, a low-privileged user who does not hold the "admin" or "power" Splunk roles could bypass the SPL safeguards for risky commands when they create a Data Model that contains an injected SPL query within an object. They can bypass the safeguards by exploiting a path traversal vulnerability.
NVD CVSS 3.1
5.7
Vulnerability type
CWE-200: Information Exposure
CWE-22: Path Traversal
- https://advisory.splunk.com/advisories/SVD-2026-0202 Vendor Advisory
Published: 18 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026