CVE-2026-20202 PUBLISHED

Improper Input Validation during User Account Creation in Splunk Enterprise

Assigner: cisco
Reserved: 08.10.2025 Published: 15.04.2026 Updated: 15.04.2026

In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.6, 10.2.2510.10, 10.1.2507.20, 10.0.2503.13, and 9.3.2411.127, a user who holds a role that contains the high-privilege capability edit_usercould create a specially crafted username that includes a null byte or a non-UTF-8 percent-encoded byte due to improper input validation.<br><br>This could lead to inconsistent conversion of usernames into a proper format for storage and account management inconsistencies, such as being unable to edit or delete affected users.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CVSS Score: 6.6

Product Status

Vendor Splunk
Product Splunk Enterprise
Versions
  • affected from 10.2 to 10.2.2 (excl.)
  • affected from 10.0 to 10.0.5 (excl.)
  • affected from 9.4 to 9.4.10 (excl.)
  • affected from 9.3 to 9.3.11 (excl.)
Vendor Splunk
Product Splunk Cloud Platform
Versions
  • affected from 10.4.2603 to Not Affected (excl.)
  • affected from 10.3.2512 to 10.3.2512.6 (excl.)
  • affected from 10.2.2510 to 10.2.2510.10 (excl.)
  • affected from 10.1.2507 to 10.1.2507.20 (excl.)
  • affected from 10.0.2503 to 10.0.2503.13 (excl.)
  • affected from 9.3.2411 to 9.3.2411.127 (excl.)

Credits

  • Ryan Luke<br><br>Mahfujur Rahman (mahfujwhh)

References

Problem Types

  • The software does not properly handle when an input contains Unicode encoding. cwe