CVE-2026-20164

CVE-2026-20164 PUBLISHED CVSS 6.5 MEDIUM

In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.5, 10.1.2507.16, 10.0.2503.11, and 9.3.2411.123, a low-privileged user that does not hold the "admin" or "power" Splunk roles could access the `/splunkd/__raw/servicesNS/-/-/configs/conf-passwords` REST API endpoint, which exposes the hashed or plaintext password values that are stored in the passwords.conf configuration file due to improper access control. This vulnerability could allow for the unauthorized disclosure of sensitive credentials.

EPSS 0.05% · 15.4th percentile

Risk Scores

  • CVSS 3.1: 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
  • EPSS Score: 0.05% (15.4th percentile)

Affected Products

| Vendor | Product | Versions |
|--------|---------|----------|
| Splunk | Splunk Enterprise | 10.0, 10.0, 9.4 |
| splunk | splunk | 9.3.0, 9.4.0, 10.0.0 |
| Splunk | Splunk Cloud Platform | 10.0.2503, 10.2.2510, 10.1.2507 |
| splunk | splunk_cloud_platform | 9.3.2411, 10.0.2503, 10.1.2507 |

Timeline

  • Mar 11, 2026 CVE Published
  • Mar 12, 2026 EPSS Score
  • Mar 12, 2026 CVE Updated
  • Mar 13, 2026 EPSS Score
  • Mar 14, 2026 EPSS Score
  • Mar 15, 2026 EPSS Score
  • Mar 16, 2026 EPSS Score
  • Mar 17, 2026 EPSS Score
  • Mar 18, 2026 EPSS Score
  • Mar 19, 2026 EPSS Score
  • Mar 20, 2026 EPSS Score
  • Mar 21, 2026 EPSS Score