Where
-Infinity
0

Trending

Last week
Last month
Last year

Vendor Risk Score

See how splunk compares to other vendors in security performance

View Risk Score →

Splunk Splunk AI ToolkitImproper Access Control through Role Inheritance in Splunk AI Toolkit app

Risk 38
Severity
6.5
First published (updated )
CVE-2026-20238

Splunk Splunk Cloud PlatformSensitive Information Disclosure through Log Files in Splunk Enterprise

Risk 70
Severity
7.5
First published (updated )
CVE-2026-20239

Splunk Splunk Cloud PlatformDenial of Service through coldToFrozen.sh Script in Splunk Enterprise

Risk 40
Severity
7.1
First published (updated )
CVE-2026-20240

Splunk MCP Server appSensitive Information Disclosure in ''_internal'' index in Splunk MCP Server app

Risk 66
Severity
7.2
First published (updated )
CVE-2026-20205

Splunk Splunk Cloud PlatformImproper Access Control in Data Model Acceleration in Splunk Enterprise

Risk 22
Severity
4.3
First published (updated )
CVE-2026-20203
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Splunk Splunk Cloud PlatformImproper Handling and Insufficient Isolation of Specific Temporary Files in Splunk Enterprise

Risk 65
Severity
7.1
First published (updated )
CVE-2026-20204

Splunk Splunk Cloud PlatformImproper Input Validation during User Account Creation in Splunk Enterprise

Risk 61
Severity
6.6
First published (updated )
CVE-2026-20202

Splunk Splunk Cloud PlatformRemote Command Execution (RCE) through the '/splunkd/__upload/indexing/preview' REST endpoint in Splunk Enterprise

Risk 69
Severity
8
First published (updated )
CVE-2026-20163

Splunk Splunk Cloud PlatformStored Cross-Site Scripting (XSS) through Path Traversal in Splunk Enterprise

Risk 43
Severity
6.3
First published (updated )
CVE-2026-20162

Splunk Splunk Cloud PlatformSensitive Information Disclosure in Discover Splunk Observability Cloud app for Splunk Enterprise

Risk 34
Severity
5.4
First published (updated )
CVE-2026-20166
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Splunk Splunk Cloud PlatformSensitive Information Disclosure through Improper Access Control in Splunk Enterprise

Risk 38
Severity
6.5
First published (updated )
CVE-2026-20164

Splunk Splunk Cloud PlatformSensitive Information Disclosure in MongoClient logging channel in Splunk Enterprise

Risk 38
Severity
6.5
First published (updated )
CVE-2026-20165

Splunk splunkSensitive Information Disclosure in "_internal" index in Splunk Enterprise

Risk 62
Severity
6.8
First published (updated )
CVE-2026-20142

Splunk splunkSensitive Information Disclosure in "_internal" index in Splunk Enterprise

Risk 62
Severity
6.8
First published (updated )
CVE-2026-20138

Splunk Splunk Cloud PlatformClient-Side Denial of Service (DoS) through ''/splunkd/__raw/services/authentication/users/username'' REST API endpoint in Splunk Enterprise

Risk 22
Severity
4.3
First published (updated )
CVE-2026-20139
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Splunk Splunk Cloud PlatformSensitive Information Disclosure in ''_internal'' index in Splunk Enterprise

Risk 62
Severity
6.8
First published (updated )
CVE-2026-20144

Splunk splunkImproper Access Control in Splunk Monitoring Console App

Risk 38
Severity
6.5
First published (updated )
CVE-2026-20141

Splunk Splunk Cloud PlatformRisky Commands Safeguards Bypass through preloaded Data Models due to Path Traversal vulnerability in Splunk Enterprise

Risk 33
Severity
5.7
First published (updated )
CVE-2026-20137

Splunk Splunk Cloud PlatformBlind Server Side Request Forgery (SSRF) through Distributed Search Peers in Splunk Enterprise

Risk 16
Severity
2.7
First published (updated )
CVE-2025-20388

Splunk Splunk Secure GatewayImproper Input Validation in "label" column field in Splunk Secure Gateway App

Risk 38
Severity
6.5
First published (updated )
CVE-2025-20389
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Splunk splunkIncorrect permissions assignment on Splunk Universal Forwarder for Windows during new installation or upgrade

Risk 71
Severity
8
First published (updated )
CVE-2025-20387

Splunk Secure GatewayImproper access control through push notifications for reports and alerts in Splunk Secure Gateway app

Risk 22
Severity
4.3
First published (updated )
CVE-2025-20383

Splunk splunkUnauthenticated Log Injection in Splunk Enterprise

Risk 27
Severity
5.3
First published (updated )
CVE-2025-20384

Splunk splunkIncorrect permission assignment on Splunk Enterprise for Windows during new installation or upgrade

Risk 71
Severity
8
First published (updated )
CVE-2025-20386

Splunk splunkStored Cross-Site scripting (XSS) through Anchor Tag "href" in Navigation Bar Collections in Splunk Enterprise

Risk 29
Severity
4.8
First published (updated )
CVE-2025-20385
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Splunk MCP Server appSPL commands allowlist controls bypass in Splunk MCP Server app through "run_splunk_query" MCP tool

Risk 34
Severity
5.4
First published (updated )
CVE-2025-20381

Splunk splunkURL validation bypass through Views Dashboard in Splunk Enterprise

Risk 34
Severity
5.4
First published (updated )
CVE-2025-20382

Splunk Add-on for Palo Alto NetworksSensitive Information Disclosure in “_internal“ index through Splunk Add-On for Palo Alto Networks

Risk 16
Severity
2.7
First published (updated )
CVE-2025-20373

Splunk Splunk Cloud PlatformRisky command safeguards bypass using the “/services/streams/search“ REST endpoint through “q“ parameter in Splunk Enterprise

Risk 19
Severity
3.5
First published (updated )
CVE-2025-20379

Splunk splunkOpen Redirect on Web Login endpoint in Splunk Enterprise

Risk 38
Severity
6.1
First published (updated )
CVE-2025-20378
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203