CVE-2026-20203 PUBLISHED

Improper Access Control in Data Model Acceleration in Splunk Enterprise

Assigner: cisco
Reserved: 08.10.2025 Published: 15.04.2026 Updated: 15.04.2026

In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.6, 10.2.2510.10, 10.1.2507.19, 10.0.2503.13, and 9.3.2411.127, a low-privileged user that does not hold the admin or power Splunk roles, has write permission on the app, and does not hold the high-privilege capability accelerate_datamodel, could turn on or off Data Model Acceleration due to improper access control.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CVSS Score: 4.3

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	None
Privileges Required	Low	Integrity Impact	Low
User Interaction	None	Availability Impact	None

CVSS 3.1

Product Status

Vendor	Splunk
Product	Splunk Enterprise
Versions	affected from 10.2 to 10.2.2 (excl.) affected from 10.0 to 10.0.5 (excl.) affected from 9.4 to 9.4.10 (excl.) affected from 9.3 to 9.3.11 (excl.)

Vendor	Splunk
Product	Splunk Cloud Platform
Versions	affected from 10.4.2603 to Not Affected (excl.) affected from 10.3.2512 to 10.3.2512.6 (excl.) affected from 10.2.2510 to 10.2.2510.10 (excl.) affected from 10.1.2507 to 10.1.2507.19 (excl.) affected from 10.0.2503 to 10.0.2503.13 (excl.) affected from 9.3.2411 to 9.3.2411.127 (excl.)

Credits

Mr Hack (try_to_hack) Santiago Lopez

References

https://advisory.splunk.com/advisories/SVD-2026-0402

Problem Types

The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor. cwe