CVE-2026-20239 PUBLISHED

Sensitive Information Disclosure through Log Files in Splunk Enterprise

Assigner: cisco
Reserved: 08.10.2025 Published: 20.05.2026 Updated: 21.05.2026

In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13, a user with a role that has access to the _internal index could view session cookies and response bodies that contain sensitive data.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS Score: 7.5

Attack Vector	Network	Scope	Unchanged
Attack Complexity	High	Confidentiality Impact	High
Privileges Required	Low	Integrity Impact	High
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	Splunk
Product	Splunk Enterprise
Versions	affected from 10.2 to 10.2.2 (excl.) affected from 10.0 to 10.0.5 (excl.)

Vendor	Splunk
Product	Splunk Cloud Platform
Versions	affected from 10.3.2512 to 10.3.2512.8 (excl.) affected from 10.2.2510 to 10.2.2510.11 (excl.) affected from 10.1.2507 to 10.1.2507.21 (excl.) affected from 10.0.2503 to 10.0.2503.13 (excl.)

Credits

Charlie Huggard, Splunk

References

https://advisory.splunk.com/advisories/SVD-2026-0503

Problem Types

Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information. cwe