CVE-2026-20144

In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.8, and 9.2.11, and Splunk Cloud Platform versions below 10.2.2510.0, 10.1.2507.11, 10.0.2503.9, and 9.3.2411.120, a user of a Splunk Search Head Cluster (SHC) deployment who holds a role with access to the the Splunk _internal index could view the Security Assertion Markup Language (SAML) configurations for Attribute query requests (AQRs) or Authentication extensions in plain text within the conf.log file, depending on which feature is configured.

CVSS v3 6.8 MEDIUM

6.8^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.9 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://advisory.splunk.com/advisories/SVD-2026-0209	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:splunk:splunk:::::enterprise:::*
	cpe:2.3:a:splunk:splunk:::::enterprise:::*
	cpe:2.3:a:splunk:splunk:::::enterprise:::*
	cpe:2.3:a:splunk:splunk:::::enterprise:::*
	cpe:2.3:a:splunk:splunk_cloud_platform::::::::
	cpe:2.3:a:splunk:splunk_cloud_platform::::::::
	cpe:2.3:a:splunk:splunk_cloud_platform::::::::

History

No history.

Information

Published : 2026-02-18 18:24

Updated : 2026-02-23 14:43

NVD link : CVE-2026-20144

Mitre link : CVE-2026-20144

CVE.ORG link : CVE-2026-20144

JSON object : View

Products Affected

splunk

splunk_cloud_platform
splunk

CWE

CWE-532

Insertion of Sensitive Information into Log File

{"id": "CVE-2026-20144", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.2}]}, "published": "2026-02-18T18:24:29.220", "references": [{"url": "https://advisory.splunk.com/advisories/SVD-2026-0209", "tags": ["Vendor Advisory"], "source": "psirt@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "psirt@cisco.com", "description": [{"lang": "en", "value": "CWE-532"}]}], "descriptions": [{"lang": "en", "value": "In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.8, and 9.2.11, and Splunk Cloud Platform versions below 10.2.2510.0, 10.1.2507.11, 10.0.2503.9, and 9.3.2411.120, a user of a Splunk Search Head Cluster (SHC) deployment who holds a role with access to the the Splunk _internal index could view the Security Assertion Markup Language (SAML) configurations for Attribute query requests (AQRs) or Authentication extensions in plain text within the conf.log file, depending on which feature is configured."}, {"lang": "es", "value": "En las versiones de Splunk Enterprise anteriores a 10.2.0, 10.0.2, 9.4.7, 9.3.8 y 9.2.11, y en las versiones de Splunk Cloud Platform anteriores a 10.2.2510.0, 10.1.2507.11, 10.0.2503.9 y 9.3.2411.120, un usuario de una implementaci\u00f3n de Splunk Search Head Cluster (SHC) que posee un rol con acceso al \u00edndice _internal de Splunk podr\u00eda ver las configuraciones de Security Assertion Markup Language (SAML) para solicitudes de consulta de atributos (AQRs) o extensiones de autenticaci\u00f3n en texto sin formato dentro del archivo conf.log, dependiendo de qu\u00e9 caracter\u00edstica est\u00e9 configurada."}], "lastModified": "2026-02-23T14:43:22.443", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "80092DB5-6859-4E0A-BBD6-171051C451A1", "versionEndExcluding": "9.2.11", "versionStartIncluding": "9.2.0"}, {"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "05D6973D-D965-42D3-8320-AF4A4B424E6C", "versionEndExcluding": "9.3.8", "versionStartIncluding": "9.3.0"}, {"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "1F057ECE-42B5-4C1D-A201-EFF275EFAAD3", "versionEndExcluding": "9.4.7", "versionStartIncluding": "9.4.0"}, {"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "4413D4BE-F225-4C28-B401-EB46D8F34160", "versionEndExcluding": "10.0.2", "versionStartIncluding": "10.0.0"}, {"criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B6CA3000-9C26-45B9-A2A2-C22F3F4246BC", "versionEndExcluding": "9.3.2411.120", "versionStartIncluding": "9.3.2411"}, {"criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62714243-8A5F-4908-BD39-7B1026B8E7D7", "versionEndExcluding": "10.0.2503.9", "versionStartIncluding": "10.0.2503"}, {"criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "580C6FE9-14D3-4813-ABF1-3D829CCBAF72", "versionEndExcluding": "10.1.2507.11", "versionStartIncluding": "10.1.2507"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@cisco.com"}