Splunk Enterprise: Unauthorized access to stored passwords

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

6.5

Splunk Enterprise: Unauthorized access to stored passwords

CVE-2026-20164

Summary

A low-privilege user in affected versions of Splunk Enterprise and Splunk Cloud Platform can access and potentially see sensitive passwords. This could lead to the unauthorized disclosure of confidential information. Upgrade to the latest version or patch as soon as possible to prevent this issue.

Original title

Original description

In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.5, 10.1.2507.16, 10.0.2503.11, and 9.3.2411.123, a low-privileged user that does not hold the "admin" or "power" Splunk roles could access the `/splunkd/__raw/servicesNS/-/-/configs/conf-passwords` REST API endpoint, which exposes the hashed or plaintext password values that are stored in the passwords.conf configuration file due to improper access control. This vulnerability could allow for the unauthorized disclosure of sensitive credentials.

nvd CVSS3.1 6.5

Vulnerability type

CWE-200 Information Exposure

https://advisory.splunk.com/advisories/SVD-2026-0303

Published: 11 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026