CVE-2026-20240

Published May 20, 2026

Last updated 2 months ago

CVSS medium 6.5
Splunk
Splunk Enterprise
Splunk Cloud Platform
Splunk Archiver

Overview

AI description

Automated description summarized from trusted sources.

CVE-2026-20240 describes a vulnerability found in Splunk Enterprise and Splunk Cloud Platform. This flaw stems from a missing input validation in the `coldToFrozen.sh` script, which is part of the `splunk_archiver` application. The script is designed to accept and rename arbitrary file paths without adequately restricting these operations to safe directories. Exploitation of this vulnerability allows a low-privileged user, who does not possess 'admin' or 'power' roles, to rename critical Splunk directories. This action can lead to a Denial of Service (DoS) condition, effectively making the Splunk instance non-functional.

Description
In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.11, and 9.3.12, and Splunk Cloud Platform versions below 10.4.2603.1, 10.3.2512.9, 10.2.2510.11, 10.1.2507.21, 10.0.2503.13, and 9.3.2411.129, a low-privileged user that does not hold the ‘admin’ or ‘power’ Splunk roles could cause a Denial of Service by exploiting the `coldToFrozen.sh` script in the `splunk_archiver` app to rename critical Splunk directories, making the instance non-functional.<br><br>The Denial of Service is possible because of missing input validation in the `coldToFrozen.sh` script, which accepts arbitrary file paths and renames them without restricting operations to safe directories.
Source
psirt@cisco.com
NVD status
Analyzed
Products
splunk, splunk_cloud_platform

Risk scores

CVSS 3.1

Type
Primary
Base score
6.5
Impact score
3.6
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Severity
MEDIUM

Weaknesses

psirt@cisco.com
CWE-20

Social media

Hype score
Not currently trending
  1. ⚠️ Vulnerabilidades en productos Splunk ❗ CVE-2026-20240 ❗ CVE-2026-20239 ➡️ Más info: https://t.co/gZKUC76S9x https://t.co/sLdJG15puQ

    @CERTpy

    1 Jun 2026

    76 Impressions

    0 Retweets

    1 Like

    1 Bookmark

    0 Replies

    0 Quotes

  2. Warning: #Splunk has released security updates addressing multiple vulnerabilities, including CVE-2026-20238, CVE-2026-20239, and CVE-2026-20240, across #Splunk Enterprise, #Splunk Cloud Platform, and #Splunk AI Toolkit. Risks of DoS conditions and sensitive data exposure. #Patch

    @CCBalert

    26 May 2026

    180 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. شركة (Splunk) نزلت ٣ تحديثات أمنية للمنتجات التالية 📍 ثغرة (CVE-2026-20238 | CVSS 6.5) المنتج المتأثر: (Splunk AI Toolkit) 📍 ثغرة (CVE-2026-20239 | CVSS 7.5) المنتج المتأثر: (Splunk Enterprise) و (Splu

    @buhaimedi

    24 May 2026

    3845 Impressions

    2 Retweets

    32 Likes

    31 Bookmarks

    1 Reply

    0 Quotes

  4. خطرناک اون زمانی هست که برای سیستم تشخیص نفوذ باگ منتشر بشه . برای Splunk چند آسیب پذیری با کدهای شناسایی CVE-2026-20238 و CVE-2026-20239 و CVE-2026-20240 منتشر شده که علاوه بر ای

    @EthicalSafe

    22 May 2026

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Splunkが深刻な脆弱性を修正。DoSのCVE-2026-20240やエラー時のバッファ漏洩CVE-2026-20239、AI Toolkitの機密情報漏洩CVE-2026-20238。 https://t.co/v5Y8zWQPFh

    @__kokumoto

    22 May 2026

    728 Impressions

    1 Retweet

    4 Likes

    1 Bookmark

    0 Replies

    0 Quotes

Configurations

References

Sources include official advisories and independent security research.