CVE-2026-20255
MediumCVSS 5.7Exploitation Probability (EPSS)
Low risk15th percentile — higher than 15% of all known CVEs
Summary
In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user can craft a malicious classic dashboard that exfiltrates sensitive data to an external server.
Risk Assessment
This vulnerability may lead to unauthorized data disclosure, posing a significant security threat to the organization.
Recommendation
It is recommended to upgrade to the latest version of Splunk to mitigate the risks associated with this vulnerability.
Original NVD description (English source)
In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious classic dashboard that exfiltrates sensitive data to an external server. The vulnerability exists because URL validation on the external content dialog is incomplete, which can allow for requests to untrusted domains when a user interacts with a crafted dashboard.

