CVE-2026-20239

Published May 20, 2026

Last updated 2 months ago

CVSS high 7.5
Splunk
Splunk Enterprise
Splunk Cloud Platform

Overview

AI description

Automated description summarized from trusted sources.

CVE-2026-20239 is an information disclosure vulnerability affecting specific versions of Splunk Enterprise and Splunk Cloud Platform. The flaw allows a user with access to the `_internal` index to view sensitive data, including session cookies and response bodies. This vulnerability stems from a lack of output buffer sanitization within the `TcpChannel` component. When socket errors occur, this component logs the full contents of I/O buffers at a WARN level, inadvertently exposing sensitive information. Affected Splunk Enterprise versions are those below 10.2.2 and 10.0.5, while Splunk Cloud Platform versions below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13 are also impacted.

Description
In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13, a user with a role that has access to the `_internal` index could view session cookies and response bodies that contain sensitive data.
Source
psirt@cisco.com
NVD status
Analyzed
Products
splunk, splunk_cloud_platform

Risk scores

CVSS 3.1

Type
Primary
Base score
6.5
Impact score
3.6
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Severity
MEDIUM

Weaknesses

psirt@cisco.com
CWE-532

Social media

Hype score
Not currently trending
  1. ⚠️ Vulnerabilidades en productos Splunk ❗ CVE-2026-20240 ❗ CVE-2026-20239 ➡️ Más info: https://t.co/gZKUC76S9x https://t.co/sLdJG15puQ

    @CERTpy

    1 Jun 2026

    76 Impressions

    0 Retweets

    1 Like

    1 Bookmark

    0 Replies

    0 Quotes

  2. Warning: #Splunk has released security updates addressing multiple vulnerabilities, including CVE-2026-20238, CVE-2026-20239, and CVE-2026-20240, across #Splunk Enterprise, #Splunk Cloud Platform, and #Splunk AI Toolkit. Risks of DoS conditions and sensitive data exposure. #Patch

    @CCBalert

    26 May 2026

    180 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. شركة (Splunk) نزلت ٣ تحديثات أمنية للمنتجات التالية 📍 ثغرة (CVE-2026-20238 | CVSS 6.5) المنتج المتأثر: (Splunk AI Toolkit) 📍 ثغرة (CVE-2026-20239 | CVSS 7.5) المنتج المتأثر: (Splunk Enterprise) و (Splu

    @buhaimedi

    24 May 2026

    3845 Impressions

    2 Retweets

    32 Likes

    31 Bookmarks

    1 Reply

    0 Quotes

  4. خطرناک اون زمانی هست که برای سیستم تشخیص نفوذ باگ منتشر بشه . برای Splunk چند آسیب پذیری با کدهای شناسایی CVE-2026-20238 و CVE-2026-20239 و CVE-2026-20240 منتشر شده که علاوه بر ای

    @EthicalSafe

    22 May 2026

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Splunkが深刻な脆弱性を修正。DoSのCVE-2026-20240やエラー時のバッファ漏洩CVE-2026-20239、AI Toolkitの機密情報漏洩CVE-2026-20238。 https://t.co/v5Y8zWQPFh

    @__kokumoto

    22 May 2026

    728 Impressions

    1 Retweet

    4 Likes

    1 Bookmark

    0 Replies

    0 Quotes

Configurations

References

Sources include official advisories and independent security research.