CVE-2026-20252

high Splunk
CVSS v3 Base Score
7.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
EPSS Score
0.3%
Exploitation probability in 30 days
Top 82% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Confidentiality
High
Integrity
Low
Availability
Low
Published: June 10, 2026 (29 days ago)
Last Modified: June 15, 2026
Vendor: Splunk
Source: NVD

Description

In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.4.2604.3, 10.3.2512.12, 10.2.2510.14, 10.1.2507.22, and 9.3.2411.132, a low-privileged user that does not hold the "admin" or "power" Splunk roles could send server-side requests to arbitrary internal destinations through the Dashboard Studio PDF export feature. The vulnerability exists because the trusted-domain validation uses a prefix match that can be bypassed with attacker-controlled subdomains (for example, docs.splunk.com.evil.com), and because the PDF export service follows HTTP redirects automatically without re-validating each redirect target against the allowlist.

CWE

CWE-918

Affected Products

splunk splunksplunk splunk cloud platform

References