SecAlerts
CVE ListPricingSign Up
Splunk logo

Splunk

Security Risk Profile

45
/100
medium

Security Risk Score

Comprehensive risk assessment based on 273 vulnerabilities, EPSS scores, exploitation status, and remediation availability.

📅 Data spans from June 23, 2010 to present

273
Total CVEs
126
Critical+High
2
Exploited
86
Unpatched

Threat Assessment

Avg CVSS
6.6
Base severity
Avg EPSS
0%
Exploit probability
Unpatched
86
Critical/High
Risk Level
45/100
medium
⚠️ 2 Active Exploits🆕 3Fresh (<7d)📈 3 in Last 30 Days

Severity Distribution

Critical
17
High
109
Medium
136
Low
11

Exploit Likelihood

>50% chance
0
20-50%
0
5-20%
0
<5%
9

Age Distribution

Common Weaknesses (CWE)

1
XSS
46
2
Input Validation
37
3
Infoleak
28
4
Path Traversal
15
5
Command Injection
6

Most Affected Products

1. Splunk splunk1226
2. Splunk Splunk Cloud Platform247
3. Splunk Universal Forwarder181
4. NetApp H300s Firmware72
5. NetApp H700s Firmware72

Recent Vulnerabilities

See more →
CVE-2026-20238
CVSS 6.5medium

Improper Access Control through Role Inheritance in Splunk AI Toolkit app

5/20/2026🔧 No Patch
CVE-2026-20239
CVSS 7.5high

Sensitive Information Disclosure through Log Files in Splunk Enterprise

5/20/2026🔧 No Patch
CVE-2026-20240
CVSS 7.1high

Denial of Service through coldToFrozen.sh Script in Splunk Enterprise

5/20/2026🔧 No Patch
CVE-2026-20205
CVSS 7.2high

Sensitive Information Disclosure in ''_internal'' index in Splunk MCP Server app

4/15/2026🔧 No Patch
CVE-2026-20203
CVSS 4.3medium

Improper Access Control in Data Model Acceleration in Splunk Enterprise

4/15/2026🔧 No Patch
CVE-2026-20204
CVSS 7.1high

Improper Handling and Insufficient Isolation of Specific Temporary Files in Splunk Enterprise

4/15/2026🔧 No Patch
CVE-2026-20202
CVSS 6.6medium

Improper Input Validation during User Account Creation in Splunk Enterprise

4/15/2026🔧 No Patch
CVE-2026-20163
CVSS 8.0high

Remote Command Execution (RCE) through the '/splunkd/__upload/indexing/preview' REST endpoint in Splunk Enterprise

3/11/2026🔧 No Patch
CVE-2026-20162
CVSS 6.3medium

Stored Cross-Site Scripting (XSS) through Path Traversal in Splunk Enterprise

3/11/2026🔧 No Patch
CVE-2026-20166
CVSS 5.4medium

Sensitive Information Disclosure in Discover Splunk Observability Cloud app for Splunk Enterprise

3/11/2026🔧 No Patch

Monitor Splunk in Real-Time

Get instant alerts when new vulnerabilities are discovered. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
Powered bySecAlerts

Monitor Your Software Stack in Real-Time

Get instant alerts when vulnerabilities are discovered in your software stack. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
AboutNewsDocumentationTermsContact

© 2026 SecAlerts Pty Ltd. All rights reserved.

Splunk Security Vulnerabilities & Risk Score | 273 CVEs | SecAlerts - SecAlerts