216.73.217.64

CVE-2026-20164

· Published 11/03/2026 17:16 · Modified 12/03/2026 21:08

Labels: CVE-2026-20164 2026-03-11CVE-2026-20164CWE-200[email protected]

Essential information

Published
11/03/2026 17:16
Modified
12/03/2026 21:08
Author
Creator
CVSS
6.5 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS metrics

Description

In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.5, 10.1.2507.16, 10.0.2503.11, and 9.3.2411.123, a low-privileged user that does not hold the "admin" or "power" Splunk roles could access the `/splunkd/__raw/servicesNS/-/-/configs/conf-passwords` REST API endpoint, which exposes the hashed or plaintext password values that are stored in the passwords.conf configuration file due to improper access control. This vulnerability could allow for the unauthorized disclosure of sensitive credentials.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
splunk / splunk enterprise cpe:2.3:a:splunk:splunk_enterprise:<10.2.0:*:*:*:*:*:*:*
splunk / splunk enterprise cpe:2.3:a:splunk:splunk_enterprise:<10.0.3:*:*:*:*:*:*:*
splunk / splunk enterprise cpe:2.3:a:splunk:splunk_enterprise:<9.4.9:*:*:*:*:*:*:*
splunk / splunk enterprise cpe:2.3:a:splunk:splunk_enterprise:<9.3.10:*:*:*:*:*:*:*
splunk / splunk cloud platform cpe:2.3:a:splunk:splunk_cloud_platform:<10.2.2510.5:*:*:*:*:*:*:*
splunk / splunk cloud platform cpe:2.3:a:splunk:splunk_cloud_platform:<10.1.2507.16:*:*:*:*:*:*:*
splunk / splunk cloud platform cpe:2.3:a:splunk:splunk_cloud_platform:<10.0.2503.11:*:*:*:*:*:*:*
splunk / splunk cloud platform cpe:2.3:a:splunk:splunk_cloud_platform:<9.3.2411.123:*:*:*:*:*:*:*

References