VDB
CVE-2026-20144
CVE-2026-20144
PUBLISHED
CVSS 6.800000190734863 MEDIUM
In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.8, and 9.2.11, and Splunk Cloud Platform versions below 10.2.2510.0, 10.1.2507.11, 10.0.2503.9, and 9.3.2411.120, a user of a Splunk Search Head Cluster (SHC) deployment who holds a role with access to the the Splunk _internal index could view the Security Assertion Markup Language (SAML) configurations for Attribute query requests (AQRs) or Authentication extensions in plain text within the conf.log file, depending on which feature is configured.
EPSS 0.08% · 24.0th percentile
Risk Scores
CVSS 3.1
6.800000190734863
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.08%
24.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| splunk | splunk_cloud_platform | 10.1.2507, 9.3.2411, 10.0.2503 |
| Splunk | Splunk Cloud Platform | 10.1.2507, 9.3.2411, 10.0.2503 |
| Splunk | Splunk Enterprise | 9.2, 10.0, 9.3 |
| splunk | splunk | 9.3.0, 9.4.0, 9.2.0 |
Exploit Intelligence
Timeline
- Oct 8, 2025 CVE ID Reserved
- Feb 18, 2026 CVE Published
- Feb 19, 2026 EPSS Score
- Feb 21, 2026 EPSS Score
- Feb 22, 2026 EPSS Score
- Feb 24, 2026 EPSS Score
- Feb 26, 2026 EPSS Score
- Feb 26, 2026 CVE Updated
- Feb 28, 2026 EPSS Score
- Mar 1, 2026 EPSS Score
- Mar 3, 2026 EPSS Score
- Mar 5, 2026 EPSS Score
References
- https://advisory.splunk.com/advisories/SVD-2026-0210 advisory
- https://advisory.splunk.com/advisories/SVD-2026-0206 advisory
- https://advisory.splunk.com/advisories/SVD-2026-0204 advisory
- https://advisory.splunk.com/advisories/SVD-2026-0211 advisory
- https://advisory.splunk.com/advisories/SVD-2026-0202 advisory
- https://advisory.splunk.com/advisories/SVD-2026-0205 advisory
- https://advisory.splunk.com/advisories/SVD-2026-0203 advisory
- https://advisory.splunk.com/advisories/SVD-2026-0207 advisory
- https://advisory.splunk.com/advisories/SVD-2026-0209 advisory
- https://advisory.splunk.com/advisories/SVD-2026-0208 advisory
- https://advisory.splunk.com/advisories/SVD-2026-0212 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-20144 advisory