CVE-2026-20166

MEDIUM EPSS 4.9%

Published Mar 11, 20263mo ago · Modified Mar 24, 20263mo ago

5.4 CVSS 3.1

Medium

Published Mar 11, 2026 3mo ago

Last Modified Mar 24, 2026 3mo ago

Description

In Splunk Enterprise versions below 10.2.1 and 10.0.4, and Splunk Cloud Platform versions below 10.2.2510.5, 10.1.2507.16, and 10.0.2503.12, a low-privileged user that does not hold the "admin" or "power" Splunk roles could retrieve the Observability Cloud API access token through the Discover Splunk Observability Cloud app due to improper access control. This vulnerability does not affect Splunk Enterprise versions below 9.4.9 and 9.3.10 because the Discover Splunk Observability Cloud app does not come with Splunk Enterprise.

CVSS Details

Base Score

5.4

Exploitability

2.8

Impact

2.5

Vector string

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Attack Vector Network

Attack Complexity Low

Privileges Required Low

User Interaction None

Scope Unchanged

Confidentiality Low

Integrity Low

Availability None

Threat Intelligence

EPSS Exploit Probability

4.9% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor Information Exposure

Affected Products 5

Vendor	Product	Version	Range
splunk	splunk	*	≥10.0.0 – <10.0.4
splunk	splunk	10.2.0	any
splunk	splunk_cloud_platform	*	≥10.0.2503 – <10.0.2503.12
splunk	splunk_cloud_platform	*	≥10.1.2507 – <10.1.2507.16
splunk	splunk_cloud_platform	*	≥10.2.2510 – <10.2.2510.5

References 1

advisory.splunk.com https://advisory.splunk.com/advisories/SVD-2026-0305

Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.