Splunk Enterprise Update Patches Code Execution Vulnerability
Briefly

"A high-severity flaw in Splunk Enterprise and Cloud Platform, tracked as CVE-2026-20204, could be exploited by low-privileged users to upload a malicious file to a temporary directory and achieve remote code execution (RCE)."
"Two medium-severity issues were addressed in Splunk Enterprise and Cloud Platform, one allowing the creation of usernames with a null byte or non-UTF-8 percent-encoded byte, and the other enabling attackers to toggle Data Model Acceleration."
"CVE-2026-20205, a high-severity vulnerability in the MCP Server app, could allow authenticated attackers to view users' sessions and authorization tokens in clear text, requiring local access to log files or administrative access to internal indexes."
"Splunk has patched vulnerabilities in third-party packages across its products, including the Operator for Kubernetes Add-on and IT Service Intelligence app, with no reports of these vulnerabilities being exploited in the wild."
Splunk has addressed several vulnerabilities in its products, including a high-severity flaw in Splunk Enterprise and Cloud Platform that allows remote code execution by low-privileged users. Two medium-severity issues were also fixed, affecting username creation and Data Model Acceleration. Users are advised to update to specific versions of Splunk Enterprise to mitigate these risks. Additionally, a high-severity vulnerability in the MCP Server app was resolved, which could expose user sessions and tokens. Fixes were also applied to third-party packages without reports of exploitation in the wild.
Read at SecurityWeek