VDB
CVE-2026-20141
CVE-2026-20141
PUBLISHED
CVSS 4.300000190734863 MEDIUM
In Splunk Enterprise versions below 10.0.2, 10.0.3, 9.4.8, and 9.3.9, a low-privileged user who does not hold the "admin" Splunk role could access the Splunk Monitoring Console App endpoints due to an improper access control. This could lead to a sensitive information disclosure.<br><br>The Monitoring Console app is a bundled app that comes with Splunk Enterprise. It is not available for download on SplunkBase, and is not installed on Splunk Cloud Platform instances. This vulnerability does not affect [Cloud Monitoring Console](https://help.splunk.com/en/splunk-cloud-platform/administer/admin-manual/10.2.2510/monitor-your-splunk-cloud-platform-deployment/introduction-to-the-cloud-monitoring-console).
EPSS 0.05% · 15.4th percentile
Risk Scores
CVSS 3.1
4.300000190734863
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
EPSS Score
0.05%
15.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| splunk | splunk | 9.3.0, 9.4.0, 10.0.0 |
| Splunk | Splunk Enterprise | 10.0, 9.3, 9.4 |
Exploit Intelligence
Timeline
- Oct 8, 2025 CVE ID Reserved
- Feb 18, 2026 CVE Published
- Feb 18, 2026 CVE Updated
- Feb 19, 2026 EPSS Score
- Feb 21, 2026 EPSS Score
- Feb 22, 2026 EPSS Score
- Feb 24, 2026 EPSS Score
- Feb 26, 2026 EPSS Score
- Feb 28, 2026 EPSS Score
- Mar 1, 2026 EPSS Score
- Mar 3, 2026 EPSS Score
- Mar 5, 2026 EPSS Score
References
- https://advisory.splunk.com/advisories/SVD-2026-0210 advisory
- https://advisory.splunk.com/advisories/SVD-2026-0206 advisory
- https://advisory.splunk.com/advisories/SVD-2026-0204 advisory
- https://advisory.splunk.com/advisories/SVD-2026-0211 advisory
- https://advisory.splunk.com/advisories/SVD-2026-0202 advisory
- https://advisory.splunk.com/advisories/SVD-2026-0205 advisory
- https://advisory.splunk.com/advisories/SVD-2026-0203 advisory
- https://advisory.splunk.com/advisories/SVD-2026-0207 advisory
- https://advisory.splunk.com/advisories/SVD-2026-0209 advisory
- https://advisory.splunk.com/advisories/SVD-2026-0208 advisory
- https://advisory.splunk.com/advisories/SVD-2026-0212 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-20141 advisory