Skip to content

RadicalNotion.AI

We do not sell or share your personal information

© 2026 RadicalNotion.AI

Security Data

CWE Directory
CAPEC Directory
CNA Directory
CNA Report Cards
Data Sources

Calculators

CVSS Calculator
CVSS 4.0
CVSS 3.1
CVSS 3.0
CVSS 2.0

Platform

My Vulnerabilities
Insights
Notifications
Account
Pricing

Learn

All guides
What is a CVE?
What is CVSS?
The CISA KEV catalog
What is EPSS?

Company

About us
Blog
Book a demo

Get Started

Sign up
Log in

Legal

Privacy
Terms

Security data

Weaknesses (CWE)The MITRE CWE weakness catalog
Attack Patterns (CAPEC)MITRE CAPEC attack patterns
CNAsNumbering authorities + report cards
VendorsVulnerabilities by vendor

Tools

CVSS CalculatorScore CVSS 4.0, 3.1, 3.0 & 2.0

Resources

LearnPlain-English security guides
Data SourcesHow we source CVE data

About Us Blog Pricing Book a Demo

Log in

Home
Vendors
Splunk
Splunk Enterprise

Splunk Enterprise Vulnerabilities: CVEs, CISA KEV & Security Advisories

140 CVEs

Splunk Enterprise Vulnerabilities

CVE security advisories and vulnerability history for Splunk Enterprise by Splunk.

140

Total CVEs

Published

0

In CISA KEV

Exploited in the wild

15

Public exploits

With known exploit

6.2

Avg CVSS

2022–2026

Last updated May 20, 2026

Overview

Splunk Enterprise has 140 published CVE records since 2022, of which 0 are in CISA's Known Exploited Vulnerabilities catalog and 15 have a known public exploit. The average CVSS base score across scored CVEs is 6.2.

This page aggregates every publicly disclosed vulnerability (CVE) affecting Splunk Enterprise, with a severity breakdown, the affected and patched versions, the most common weakness types, and the full CVE list.

Severity and exploitation

How the CVSS severity of Splunk Enterprise's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.

Critical0

High54

Medium76

Low10

In CISA’s Known Exploited Vulnerabilities catalog

0

None of Splunk Enterprise's CVEs are currently listed in CISA's KEV catalog.

Public exploits

15

15 of Splunk Enterprise's CVEs have a known public exploit available.

Affected versions and CVEs

Browse every Splunk Enterprise version named in a CVE, then pick one to see only the CVEs that affect it.

Specific versions

7.3 version(s) before 7.3.91 CVE
8.0 version(s) before 8.0.91 CVE
8.1 version(s) before 8.1.31 CVE
8.2 version(s) before 8.2.01 CVE
8.2 version(s) before 8.2.11 CVE
Version(s) before 8.1.51 CVE

Fixed in

Default status

All versions11 CVEs

Find a version

140 CVEs

Sort

Sensitive Information Disclosure through Log Files in Splunk Enterprise
CVE-2026-20239
Patch
CWE-532
High · CVSS 7.5
EPSS 0.0% (3th pct)2026-05-20
Denial of Service through coldToFrozen.sh Script in Splunk Enterprise
CVE-2026-20240
Patch
CWE-20
High · CVSS 7.1
EPSS 0.1% (17th pct)2026-05-20
Improper Access Control in Data Model Acceleration in Splunk Enterprise
CVE-2026-20203
Patch
CWE-284
Medium · CVSS 4.3
EPSS 0.0% (11th pct)2026-04-15
Improper Handling and Insufficient Isolation of Specific Temporary Files in Splunk Enterprise
CVE-2026-20204
Patch
CWE-377
High · CVSS 7.1
EPSS 0.2% (44th pct)2026-04-15
Improper Input Validation during User Account Creation in Splunk Enterprise
CVE-2026-20202
Patch
CWE-176
Medium · CVSS 6.6
EPSS 0.1% (19th pct)2026-04-15
Remote Command Execution (RCE) through the '/splunkd/__upload/indexing/preview' REST endpoint in Splunk Enterprise
CVE-2026-20163
Patch
CWE-77
High · CVSS 8.0
EPSS 0.1% (23th pct)2026-03-11
Stored Cross-Site Scripting (XSS) through Path Traversal in Splunk Enterprise
CVE-2026-20162
Patch
CWE-79
Medium · CVSS 6.3
EPSS 0.1% (17th pct)2026-03-11
Sensitive Information Disclosure in Discover Splunk Observability Cloud app for Splunk Enterprise
CVE-2026-20166
Patch
CWE-200
Medium · CVSS 5.4
EPSS 0.0% (14th pct)2026-03-11
Sensitive Information Disclosure through Improper Access Control in Splunk Enterprise
CVE-2026-20164
Patch
CWE-200
Medium · CVSS 6.5
EPSS 0.0% (15th pct)2026-03-11
Sensitive Information Disclosure in MongoClient logging channel in Splunk Enterprise
CVE-2026-20165
Patch
CWE-532
Medium · CVSS 6.3
EPSS 0.0% (15th pct)2026-03-11
Sensitive Information Disclosure in "_internal" index in Splunk Enterprise
CVE-2026-20142
Patch
CWE-532
Medium · CVSS 6.8
EPSS 0.1% (24th pct)2026-02-18
Sensitive Information Disclosure in "_internal" index in Splunk Enterprise
CVE-2026-20138
Patch
CWE-532
Medium · CVSS 6.8
EPSS 0.1% (24th pct)2026-02-18
Client-Side Denial of Service (DoS) through ''/splunkd/__raw/services/authentication/users/username'' REST API endpoint in Splunk Enterprise
CVE-2026-20139
Patch
CWE-400
Medium · CVSS 4.3
EPSS 0.1% (25th pct)2026-02-18
Sensitive Information Disclosure in ''_internal'' index in Splunk Enterprise
CVE-2026-20144
Patch
CWE-532
Medium · CVSS 6.8
EPSS 0.1% (24th pct)2026-02-18
Improper Access Control in Splunk Monitoring Console App
CVE-2026-20141
Patch
CWE-200
Medium · CVSS 4.3
EPSS 0.0% (15th pct)2026-02-18
Risky Commands Safeguards Bypass through preloaded Data Models due to Path Traversal vulnerability in Splunk Enterprise
CVE-2026-20137
Patch
CWE-200
Low · CVSS 3.5
EPSS 0.0% (13th pct)2026-02-18
Blind Server Side Request Forgery (SSRF) through Distributed Search Peers in Splunk Enterprise
CVE-2025-20388
Patch
CWE-918
Low · CVSS 2.7
EPSS 0.0% (11th pct)2025-12-03
Improper Input Validation in "label" column field in Splunk Secure Gateway App
CVE-2025-20389
Patch
CWE-20
Medium · CVSS 4.3
EPSS 0.1% (30th pct)2025-12-03
Incorrect permissions assignment on Splunk Universal Forwarder for Windows during new installation or upgrade
CVE-2025-20387
Patch
CWE-732
High · CVSS 8.0
EPSS 0.0% (9th pct)2025-12-03
Improper access control through push notifications for reports and alerts in Splunk Secure Gateway app
CVE-2025-20383
Patch
CWE-200
Medium · CVSS 4.3
EPSS 0.0% (12th pct)2025-12-03
Unauthenticated Log Injection in Splunk Enterprise
CVE-2025-20384
Patch
CWE-117
Medium · CVSS 5.3
EPSS 0.1% (30th pct)2025-12-03
Incorrect permission assignment on Splunk Enterprise for Windows during new installation or upgrade
CVE-2025-20386
Patch
CWE-732
High · CVSS 8.0
EPSS 0.0% (9th pct)2025-12-03
Stored Cross-Site scripting (XSS) through Anchor Tag "href" in Navigation Bar Collections in Splunk Enterprise
CVE-2025-20385
Patch
CWE-79
Low · CVSS 2.4
EPSS 0.0% (9th pct)2025-12-03
URL validation bypass through Views Dashboard in Splunk Enterprise
CVE-2025-20382
Patch
CWE-601
Low · CVSS 3.5
EPSS 0.0% (8th pct)2025-12-03
Risky command safeguards bypass using the “/services/streams/search“ REST endpoint through “q“ parameter in Splunk Enterprise
CVE-2025-20379
Patch
CWE-200
Low · CVSS 3.5
EPSS 0.0% (8th pct)2025-11-12
Open Redirect on Web Login endpoint in Splunk Enterprise
CVE-2025-20378
Patch
CWE-601
Low · CVSS 3.1
EPSS 0.1% (17th pct)2025-11-12
Stored Cross-Site Scripting (XSS) through missing field warning messages in Saved Search and Job Inspector on Splunk Enterprise
CVE-2025-20368
Patch
CWE-79
Medium · CVSS 5.7
EPSS 0.0% (15th pct)2025-10-01
Unauthenticated Blind Server Side Request Forgery (SSRF) in Splunk Enterprise
CVE-2025-20371
Patch
CWE-918
High · CVSS 7.5
EPSS 0.1% (24th pct)2025-10-01
Reflected Cross-site Scripting (XSS) in '/app/search/table' endpoint through the 'dataset.command' parameter on Splunk Enterprise
CVE-2025-20367
Patch
CWE-79
Medium · CVSS 5.7
EPSS 0.0% (15th pct)2025-10-01
Denial of Service (DoS) through Multiple LDAP Bind Requests in Splunk Enterprise
CVE-2025-20370
Patch
CWE-400
Medium · CVSS 4.9
EPSS 0.1% (26th pct)2025-10-01

Showing 30 of 140

Common weakness types

The CWE weakness categories most often found in Splunk Enterprise CVEs. Follow any weakness for its full explanation.

CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')20 CVEs
CWE-200Exposure of Sensitive Information to an Unauthorized Actor18 CVEs
CWE-20Improper Input Validation16 CVEs
CWE-284Improper Access Control10 CVEs
CWE-532Insertion of Sensitive Information into Log File8 CVEs
CWE-400Uncontrolled Resource Consumption7 CVEs
CWE-502Deserialization of Untrusted Data5 CVEs
CWE-285Improper Authorization5 CVEs

Disclosure activity by year

How many Splunk Enterprise CVEs were published each year.

2022

25

2023

30

2024

37

2025

32

2026

16

Other Splunk products

Browse vulnerabilities for other products by Splunk.

splunk192 CVEs Splunk Cloud Platform103 CVEs universal forwarder62 CVEs Splunk Cloud11 CVEs cloud10 CVEs splunk_enterprise10 CVEs splunk_cloud_platform9 CVEs Splunk Secure Gateway7 CVEs

All Splunk vulnerabilities

Frequently asked questions

Common questions about Splunk Enterprise vulnerabilities.

How many CVEs does Splunk Splunk Enterprise have?

Splunk Splunk Enterprise has 140 published CVE records since 2022.

How many Splunk Splunk Enterprise CVEs are in CISA KEV?

None of Splunk Splunk Enterprise's CVEs are currently listed in CISA's Known Exploited Vulnerabilities catalog.

Are there public exploits for Splunk Splunk Enterprise vulnerabilities?

Yes — 15 of Splunk Splunk Enterprise's CVEs have a known public exploit.

Which versions of Splunk Splunk Enterprise are affected?

85 distinct Splunk Splunk Enterprise versions are named across its CVEs. Use the version filter above to see the CVEs affecting a specific version.

What are the most common weakness types in Splunk Splunk Enterprise CVEs?

Splunk Splunk Enterprise's CVEs most often map to these CWE weakness types: CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')), CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor), CWE-20 (Improper Input Validation), CWE-284 (Improper Access Control).

What is the average severity of Splunk Splunk Enterprise CVEs?

The average CVSS base score across Splunk Splunk Enterprise's scored CVEs is 6.2.

References

All Splunk vulnerabilities
The MITRE CVE Program (opens in a new tab)
Learn: What is a CVE?
CWE directory: the weakness types these CVEs map to

Vulnerability data is sourced from the CVE Program; severity, KEV, and exploit signals are aggregated by RadicalNotion.AI.

Track Splunk Enterprise vulnerabilities

Monitor new Splunk Enterprise vulnerabilities as they are disclosed, with AI-written analysis and remediation guidance.

Start free See pricing

On this page

Overview
Severity and exploitation
Affected versions and CVEs
Common weakness types
Disclosure activity
Other products
FAQ
References