CVE-2026-20144

medium

Splunk

CVSS v3 Base Score

6.8

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.0%

Exploitation probability in 30 days

Top 86% most likely to be exploited

Attack Characteristics

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Confidentiality

High

Integrity

High

Availability

High

Published: February 18, 2026 (84 days ago)

Last Modified: February 23, 2026

Vendor: Splunk

Description

In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.8, and 9.2.11, and Splunk Cloud Platform versions below 10.2.2510.0, 10.1.2507.11, 10.0.2503.9, and 9.3.2411.120, a user of a Splunk Search Head Cluster (SHC) deployment who holds a role with access to the the Splunk _internal index could view the Security Assertion Markup Language (SAML) configurations for Attribute query requests (AQRs) or Authentication extensions in plain text within the conf.log file, depending on which feature is configured.

CWE

CWE-532

Affected Products

splunk splunksplunk splunk cloud platform

References

🔗 advisory.splunk.com

CVE-2026-20144

Vulnerability Report

Description

CWE

Affected Products

References