VDB
CVE-2026-20163
CVE-2026-20163
PUBLISHED
CVSS 8 HIGH
In Splunk Enterprise versions below 10.2.0, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.5, 10.0.2503.12, 10.1.2507.16, and 9.3.2411.124, a user who holds a role that contains the high-privilege capability `edit_cmd` could execute arbitrary shell commands using the `unarchive_cmd` parameter for the `/splunkd/__upload/indexing/preview` REST endpoint.
EPSS 0.08% · 22.8th percentile
Risk Scores
CVSS 3.1
8
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.08%
22.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Splunk | Splunk Cloud Platform | 10.2.2510, 9.3.2411, 10.1.2507 |
| splunk | splunk_cloud_platform | 10.1.2507, 9.3.2411, 10.0.2503 |
| splunk | splunk | 9.4.0, 9.3.0, 9.3.0 |
| Splunk | Splunk Enterprise | 9.4, 9.3, 9.4 |
Exploit Intelligence
- CIRCL seen: CVE-2026-20163 (circl-sighting)
- CIRCL seen: CVE-2026-20163 (circl-sighting)
- CIRCL seen: CVE-2026-20163 (circl-sighting)
- https://advisory.splunk.com/advisories/SVD-2026-0302 (circl)
- traffic_cve_webshell.yar (github-yara)
- traffic_cve_webshell.yar (github-yara)
- traffic_cve_webshell.yar (github-yara)
- traffic_cve_webshell.yar (github-yara)
- Splunk Remote Command Execution via Improper Input Validation (cxsecurity)
- Splunk Remote Command Execution via Improper Input Validation (cxsecurity)
Timeline
- Mar 11, 2026 CVE Published
- Mar 12, 2026 EPSS Score
- Mar 12, 2026 CVE Updated
- Mar 13, 2026 EPSS Score
- Mar 13, 2026 PoC Published
- Mar 14, 2026 EPSS Score
- Mar 15, 2026 EPSS Score
- Mar 15, 2026 PoC Published
- Mar 16, 2026 EPSS Score
- Mar 17, 2026 EPSS Score
- Mar 18, 2026 EPSS Score
- Mar 19, 2026 EPSS Score
References
- https://advisory.splunk.com/advisories/SVD-2026-0302 advisory
- https://advisory.splunk.com/advisories/SVD-2026-0311 advisory
- https://advisory.splunk.com/advisories/SVD-2026-0308 advisory
- https://advisory.splunk.com/advisories/SVD-2026-0309 advisory
- https://advisory.splunk.com/advisories/SVD-2026-0305 advisory
- https://advisory.splunk.com/advisories/SVD-2026-0310 advisory
- https://advisory.splunk.com/advisories/SVD-2026-0304 advisory
- https://advisory.splunk.com/advisories/SVD-2026-0301 advisory
- https://advisory.splunk.com/advisories/SVD-2026-0313 advisory
- https://advisory.splunk.com/advisories/SVD-2026-0306 advisory
- https://advisory.splunk.com/advisories/SVD-2026-0303 advisory
- https://advisory.splunk.com/advisories/SVD-2026-0307 advisory
- https://advisory.splunk.com/advisories/SVD-2026-0312 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-20163 advisory