CVE-2026-20162

Published Mar 11, 2026

Last updated 23 days ago

CVSS medium 6.3

Splunk

Overview

Description: In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.9, and 9.3.9, and Splunk Cloud Platform versions below 10.2.2510.4, 10.1.2507.15, 10.0.2503.11, and 9.3.2411.123, a low-privileged user who does not hold the "admin" or "power" Splunk roles could craft a malicious payload when creating a View (Settings - User Interface - Views) at the `/manager/launcher/data/ui/views/_new` endpoint leading to a Stored Cross-Site Scripting (XSS) through a path traversal vulnerability. This could result in execution of unauthorized JavaScript code in the browser of a user. The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The authenticated user should not be able to exploit the vulnerability at will.
Source: psirt@cisco.com
NVD status: Analyzed
Products: splunk, splunk_cloud_platform

Risk scores

CVSS 3.1

Type: Secondary
Base score: 6.3
Impact score: 4.2
Exploitability score: 2.1
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N
Severity: MEDIUM

Weaknesses

psirt@cisco.com: CWE-79
134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
            "matchCriteriaId": "0D9ACC64-CE37-4DBF-9315-E2DA76A3EAD2",
            "versionEndExcluding": "9.3.9",
            "versionStartIncluding": "9.3.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
            "matchCriteriaId": "ACAC2D08-9ED6-4E58-A999-0EE2025C69FC",
            "versionEndExcluding": "9.4.9",
            "versionStartIncluding": "9.4.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
            "matchCriteriaId": "CB313879-7BD8-411A-B503-01689F0B326E",
            "versionEndExcluding": "10.0.3",
            "versionStartIncluding": "10.0.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "3AF43951-3CF1-4FC8-AAAF-498949E87019",
            "versionEndExcluding": "9.3.2411.123",
            "versionStartIncluding": "9.3.2411",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "F7A6863D-1330-4F11-B001-E577AFA9F0AE",
            "versionEndExcluding": "10.0.2503.11",
            "versionStartIncluding": "10.0.2503",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "F7CBC7AC-B137-40B7-BD12-C7F1C4B24B15",
            "versionEndExcluding": "10.1.2507.15",
            "versionStartIncluding": "10.1.2507",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "BFB8357C-BCAC-43D6-8C4B-5F1B61E81A24",
            "versionEndExcluding": "10.2.2510.4",
            "versionStartIncluding": "10.2.2510",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References