← Back to CVEs
CVE-2026-20165
MEDIUM6.3
Description
In Splunk Enterprise versions below 10.2.1, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.7, 10.1.2507.17, 10.0.2503.12, and 9.3.2411.124, a low-privileged user that does not hold the "admin" or "power" Splunk roles could retrieve sensitive information by inspecting the job's search log due to improper access control in the MongoClient logging channel.
CVE Details
CVSS v3.1 Score6.3
SeverityMEDIUM
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
Published3/11/2026
Last Modified3/24/2026
Sourcenvd
Honeypot Sightings0
Affected Products
splunk:splunksplunk:splunk_cloud_platform
Weaknesses (CWE)
CWE-532CWE-532
References
https://advisory.splunk.com/advisories/SVD-2026-0304(psirt@cisco.com)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.