CVE Catalog

CVE-2026-20260

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.10%

27th percentile — higher than 27% of all known CVEs

Summary

In Splunk SOAR versions below 8.5.0, an unauthenticated attacker could inject ANSI escape codes into SOAR application log files through specially crafted HTTP request paths. The injection is possible because SOAR does not strip control characters from HTTP request paths before writing them to application logs.

Risk Assessment

An attacker could exploit this vulnerability to inject malicious codes that may be interpreted by a terminal emulator, potentially leading to information disclosure or unauthorized actions by the administrator.

Recommendation

It is recommended to upgrade Splunk SOAR to version 8.5.0 or later to mitigate this vulnerability. Additionally, implementing input validation and filtering mechanisms in the application is advisable.

Original NVD description (English source)

In Splunk SOAR (Security Orchestration, Automation, and Response) versions below 8.5.0, an unauthenticated attacker could inject American National Standards Institute (ANSI) escape codes into SOAR application log files through specially crafted HTTP request paths, which a terminal emulator might interpret when an administrator views the logs.<br><br>The injection is possible because SOAR does not strip control characters from HTTP request paths before writing them to application logs.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS