Splunk

73 CVEs tracked in the last 90 days

73 Total CVEs

6 Critical

18 High

43 Medium

6 Low

Severity Distribution

Critical 6 (8.2%)

High 18 (24.7%)

Medium 43 (58.9%)

Low 6 (8.2%)

Top Affected Products

splunk splunk 51

haxx curl 16

netapp clustered data ontap 12

debian debian linux 11

splunk splunk cloud platform 10

fedoraproject fedora 10

netapp h300s firmware 9

netapp h500s firmware 9

CVSS Score Distribution

Latest CVEs

CVE ID	Severity	CVSS	Description	Published	Modified
CVE-2026-20204	high	7.1	In Splunk Enterprise versions below 10.2.1, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform ve…	Apr 15, 2026	Apr 17, 2026
CVE-2026-20203	medium	4.3	In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform ve…	Apr 15, 2026	Apr 17, 2026
CVE-2026-20202	medium	6.6	In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform ve…	Apr 15, 2026	Apr 17, 2026
CVE-2026-20166	medium	5.4	In Splunk Enterprise versions below 10.2.1 and 10.0.4, and Splunk Cloud Platform versions below 10.2…	Mar 11, 2026	Mar 24, 2026
CVE-2026-20165	medium	6.3	In Splunk Enterprise versions below 10.2.1, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform ver…	Mar 11, 2026	Mar 24, 2026
CVE-2026-20164	medium	6.5	In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.9, and 9.3.10, and Splunk Cloud Platform ver…	Mar 11, 2026	Mar 24, 2026
CVE-2026-20163	high	7.2	In Splunk Enterprise versions below 10.2.0, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform ver…	Mar 11, 2026	Mar 24, 2026
CVE-2026-20162	medium	6.3	In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.9, and 9.3.9, and Splunk Cloud Platform vers…	Mar 11, 2026	Mar 12, 2026
CVE-2026-20144	medium	6.8	In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.8, and 9.2.11, and Splunk Cloud Platf…	Feb 18, 2026	Feb 23, 2026
CVE-2026-20142	medium	6.8	In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.9, and 9.2.11, a user of a Splunk Sea…	Feb 18, 2026	Feb 23, 2026
CVE-2026-20141	medium	4.3	In Splunk Enterprise versions below 10.0.2, 10.0.3, 9.4.8, and 9.3.9, a low-privileged user who does…	Feb 18, 2026	Feb 23, 2026
CVE-2026-20139	medium	4.3	In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.8, 9.3.9, and 9.2.12, and Splunk Cloud Platf…	Feb 18, 2026	Feb 20, 2026
CVE-2026-20138	medium	6.8	In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.9, and 9.2.11, a user of a Splunk Sea…	Feb 18, 2026	Feb 20, 2026
CVE-2026-20137	low	3.5	In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.5, 9.3.7, and 9.2.9, and Splunk Cloud Platfo…	Feb 18, 2026	Feb 20, 2026
CVE-2025-14847	high	7.5	Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap …	Dec 19, 2025	Jan 13, 2026
CVE-2023-27533	high	8.8	A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protoc…	Mar 30, 2023	Feb 13, 2026
CVE-2023-23915	medium	6.5	A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could c…	Feb 23, 2023	Feb 13, 2026
CVE-2022-43551	high	7.5	A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using H…	Dec 23, 2022	Feb 13, 2026
CVE-2022-32221	critical	9.8	When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION…	Dec 5, 2022	Feb 13, 2026
CVE-2022-42916	high	7.5	In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using it…	Oct 29, 2022	Feb 13, 2026
CVE-2022-35737	high	7.5	SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of …	Aug 3, 2022	Feb 13, 2026
CVE-2022-32156	high	8.1	In Splunk Enterprise and Universal Forwarder versions before 9.0, the Splunk command-line interface …	Jun 15, 2022	Feb 25, 2026
CVE-2022-27782	high	7.5	libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been ch…	Jun 2, 2022	Apr 16, 2026
CVE-2022-27781	high	7.5	libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returne…	Jun 2, 2022	Apr 16, 2026
CVE-2022-27774	medium	5.7	An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 …	Jun 2, 2022	Apr 16, 2026