Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
Kratos PhaaS Attacks Microsoft 365 Users to Steal Credentials
July 16, 2026
Critical Zoom Windows Flient Flaw Lets Attackers Take Over Accounts via Network
July 16, 2026
TuxBot v3 IoT Botnet Hijacks Devices, Launches DDoS Attacks with LLM Code
July 16, 2026
Home/CyberSecurity News/Multiple Critical Splunk Enterprise Vulnerabilities Allow Path Traversal, Info Disclosure
CyberSecurity News

Multiple Critical Splunk Enterprise Vulnerabilities Allow Path Traversal, Info Disclosure

Key Takeaways Splunk has released urgent security updates for critical vulnerabilities impacting Splunk Enterprise and Splunk Cloud Platform. The flaws could enable path traversal, expose stored...

Emy Elsamnoudy
Emy Elsamnoudy
July 16, 2026 3 Min Read
2 0

Key Takeaways

  • Splunk has released urgent security updates for critical vulnerabilities impacting Splunk Enterprise and Splunk Cloud Platform.
  • The flaws could enable path traversal, expose stored credential hashes, and allow arbitrary execution of Search Processing Language (SPL) commands.
  • The most severe vulnerability, CVE-2026-20296, carries a CVSS score of 8.3 and requires user interaction via a phishing attack.
  • Affected versions include various branches of Splunk Enterprise, with fixes available in versions 10.4.1, 10.2.5, 10.0.8, 9.4.13, and 9.3.14.

Splunk has issued critical security advisories and subsequent patches to address multiple vulnerabilities within its flagship products, Splunk Enterprise and Splunk Cloud Platform. These security weaknesses could lead to severe consequences, including unauthorized file system access, the exposure of sensitive credential information, and the ability to execute arbitrary search commands.

Table Of Content

  • Key Takeaways
  • Multiple Splunk Enterprise Vulnerabilities Addressed
  • What You Should Do

The identified flaws specifically affect the REST API and Splunk Web components, creating potential avenues for attackers—either authorized users or those leveraging social engineering tactics—to compromise data integrity, write files to unintended locations, or execute unauthorized searches.

Multiple Splunk Enterprise Vulnerabilities Addressed

The most pressing vulnerability, SVD-2026-0702 (CVE-2026-20296), has been assigned a CVSS score of 8.3, classifying it as high severity. This critical flaw resides within the Deployment Server component of Splunk Web.

Exploitation of CVE-2026-20296 hinges on an unauthenticated attacker successfully coercing a user with the list_deployment_server capability into clicking a malicious link or visiting a compromised webpage. The attack vector leverages a lack of Cross-Site Request Forgery (CSRF) validation on GET requests and inadequate sanitization of user-supplied input within SPL searches. If successful, this could allow the attacker to execute arbitrary SPL searches under the elevated privileges of the splunk-system-user, potentially exposing indexed data and stored credentials. However, it is important to note that direct remote exploitation without user interaction is not possible, requiring a preliminary phishing or social engineering effort.

Another significant vulnerability, SVD-2026-0703 (CVE-2026-20297), is a high-severity path traversal flaw with a CVSS score of 7.2. This issue exists within the App Install REST endpoint, specifically affecting the explicit_appname parameter. An authenticated user possessing both edit_local_apps and install_apps capabilities could exploit this during a legitimate application installation. Successful exploitation could enable an attacker to write files outside the intended application directory, specifically into the $SPLUNK_HOME/etc/ directory or its subdirectories, potentially compromising critical application configurations and other sensitive Splunk files.

Finally, a medium-severity information disclosure vulnerability, SVD-2026-0704 (CVE-2026-20298), carries a CVSS score of 5.3. This flaw allows a low-privileged user, without administrative or power roles, to access the /servicesNS/-/-/storage/passwords REST endpoint via the | rest SPL command. The endpoint could then return the encr_password field, exposing stored credential hashes to unauthorized individuals. While this vulnerability requires authentication and is rated with high attack complexity, the exposure of these hashes could facilitate offline password cracking attempts or serve as a stepping stone for further compromise.

What You Should Do

  • Splunk Enterprise Users: Immediately upgrade to one of the following fixed releases: 10.4.1, 10.2.5, 10.0.8, 9.4.13, or any later version. For the path traversal issue affecting the 9.3 branch, upgrade to version 9.3.14.
  • CVE-2026-20298 Mitigation: For the information disclosure vulnerability, administrators must configure limits.conf by adding mask_encr_password = true under the [storage_passwords_masking] stanza, and then restart Splunk Enterprise.
  • CVE-2026-20296 Interim Mitigation: If immediate patching is not feasible, organizations can reduce exposure by disabling Splunk Web in environments where it is not essential.
  • Splunk Cloud Platform Customers: Splunk is actively patching and monitoring Splunk Cloud Platform instances; no direct action is required from customers.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

AttackCVEExploitPatchphishingSecurityVulnerability

Share Article

Emy Elsamnoudy

Emy Elsamnoudy

Emy is a cybersecurity analyst and reporter specializing in threat hunting, defense strategies, and industry trends. With expertise in proactive security measures, Emily covers the tools and techniques organizations use to detect and prevent cyber attacks. She is a regular speaker at security conferences and has contributed to industry reports on threat intelligence and security operations. Emily's reporting focuses on helping organizations improve their security posture through practical, actionable insights.

Previous Post

F5 Patches Critical NGINX Vulnerabilities, Preventing Code Execution

Next Post

CISA Warns of Oracle E-Business Suite Vulnerability Actively Exploited in Attacks

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
Multiple Critical Splunk Enterprise Vulnerabilities Allow Path Traversal, Info Disclosure
July 16, 2026
F5 Patches Critical NGINX Vulnerabilities, Preventing Code Execution
July 16, 2026
Critical MacSync Stealer Delivered via Google Ads and Claude AI Chats
July 15, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Emy Elsamnoudy
Emy Elsamnoudy
Jennifer sherman
Jennifer sherman
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Attacks

ClickFix Attack Hides Malicious Code via Stegan Security

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us