CVE-2026-20203

Published Apr 15, 2026

Last updated 6 days ago

CVSS medium 4.3

Overview

Description: In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.6, 10.2.2510.10, 10.1.2507.19, 10.0.2503.13, and 9.3.2411.127, a low-privileged user that does not hold the `admin` or `power` Splunk roles, has write permission on the app, and does not hold the high-privilege capability `accelerate_datamodel`, could turn on or off Data Model Acceleration due to improper access control.
Source: psirt@cisco.com
NVD status: Analyzed
Products: splunk, splunk_cloud_platform

Risk scores

CVSS 3.1

Type: Primary
Base score: 4.3
Impact score: 1.4
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Severity: MEDIUM

Weaknesses

psirt@cisco.com: CWE-284

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
            "matchCriteriaId": "9A537203-F31B-44A1-BB9E-C62F4539FA0B",
            "versionEndExcluding": "9.3.11",
            "versionStartIncluding": "9.3.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
            "matchCriteriaId": "0205D102-93C7-42FA-A33E-E517BB7760C4",
            "versionEndExcluding": "9.4.10",
            "versionStartIncluding": "9.4.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
            "matchCriteriaId": "D5A01879-50A5-4266-A08C-F55584F442ED",
            "versionEndExcluding": "10.0.5",
            "versionStartIncluding": "10.0.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
            "matchCriteriaId": "9F3A147D-2A67-469A-A223-248DEFB413E0",
            "versionEndExcluding": "10.2.2",
            "versionStartIncluding": "10.2.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "6FCB2A3C-8069-4AAC-8746-4B9679DE8116",
            "versionEndExcluding": "9.3.2411.127",
            "versionStartIncluding": "9.3.2411",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "D5C098C2-9ED5-41B4-BE57-984B71027144",
            "versionEndExcluding": "10.0.2503.13",
            "versionStartIncluding": "10.0.2503",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "2490F8A7-7B04-4E40-9414-02C050DAEB10",
            "versionEndExcluding": "10.1.2507.19",
            "versionStartIncluding": "10.1.2507",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "601A4BEC-6F0D-4A52-8B68-18902574E84C",
            "versionEndExcluding": "10.2.2510.10",
            "versionStartIncluding": "10.2.2510",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "29253EBC-0E89-46ED-B504-E81F5D4E7E3F",
            "versionEndExcluding": "10.3.2512.6",
            "versionStartIncluding": "10.3.2512",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References