{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-20141", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "state": "PUBLISHED", "assignerShortName": "cisco", "dateReserved": "2025-10-08T11:59:15.382Z", "datePublished": "2026-02-18T16:45:21.436Z", "dateUpdated": "2026-02-18T17:56:35.360Z"}, "containers": {"cna": {"affected": [{"product": "Splunk Enterprise", "vendor": "Splunk", "versions": [{"version": "10.0", "status": "affected", "versionType": "custom", "lessThan": "10.0.3"}, {"version": "9.4", "status": "affected", "versionType": "custom", "lessThan": "9.4.8"}, {"version": "9.3", "status": "affected", "versionType": "custom", "lessThan": "9.3.9"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "In Splunk Enterprise versions below 10.0.2, 10.0.3, 9.4.8, and 9.3.9, a low-privileged user who does not hold the \"admin\" Splunk role could access the Splunk Monitoring Console App endpoints due to an improper access control. This could lead to a sensitive information disclosure.<br><br>The Monitoring Console app is a bundled app that comes with Splunk Enterprise. It is not available for download on SplunkBase, and is not installed on Splunk Cloud Platform instances. This vulnerability does not affect [Cloud Monitoring Console](https://help.splunk.com/en/splunk-cloud-platform/administer/admin-manual/10.2.2510/monitor-your-splunk-cloud-platform-deployment/introduction-to-the-cloud-monitoring-console)."}], "value": "In Splunk Enterprise versions below 10.0.2, 10.0.3, 9.4.8, and 9.3.9, a low-privileged user who does not hold the \"admin\" Splunk role could access the Splunk Monitoring Console App endpoints due to an improper access control. This could lead to a sensitive information disclosure.<br><br>The Monitoring Console app is a bundled app that comes with Splunk Enterprise. It is not available for download on SplunkBase, and is not installed on Splunk Cloud Platform instances. This vulnerability does not affect [Cloud Monitoring Console](https://help.splunk.com/en/splunk-cloud-platform/administer/admin-manual/10.2.2510/monitor-your-splunk-cloud-platform-deployment/introduction-to-the-cloud-monitoring-console)."}], "references": [{"url": "https://advisory.splunk.com/advisories/SVD-2026-0206"}], "title": "Improper Access Control in Splunk Monitoring Console App", "datePublic": "2026-02-18T00:00:00.000Z", "metrics": [{"cvssV3_1": {"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "cwe", "description": "The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.", "cweId": "CWE-200"}]}], "source": {"advisory": "SVD-2026-0206"}, "credits": [{"lang": "en", "value": "Mohammad Fahad Khan (fahadkhan01)"}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2026-02-18T16:45:21.436Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-18T17:55:47.728758Z", "id": "CVE-2026-20141", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-18T17:56:35.360Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-20141", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-18T17:55:47.728758Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-18T17:56:27.785Z"}}], "cna": {"title": "Improper Access Control in Splunk Monitoring Console App", "source": {"advisory": "SVD-2026-0206"}, "credits": [{"lang": "en", "value": "Mohammad Fahad Khan (fahadkhan01)"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Splunk", "product": "Splunk Enterprise", "versions": [{"status": "affected", "version": "10.0", "lessThan": "10.0.3", "versionType": "custom"}, {"status": "affected", "version": "9.4", "lessThan": "9.4.8", "versionType": "custom"}, {"status": "affected", "version": "9.3", "lessThan": "9.3.9", "versionType": "custom"}]}], "datePublic": "2026-02-18T00:00:00.000Z", "references": [{"url": "https://advisory.splunk.com/advisories/SVD-2026-0206"}], "descriptions": [{"lang": "en", "value": "In Splunk Enterprise versions below 10.0.2, 10.0.3, 9.4.8, and 9.3.9, a low-privileged user who does not hold the \"admin\" Splunk role could access the Splunk Monitoring Console App endpoints due to an improper access control. This could lead to a sensitive information disclosure.<br><br>The Monitoring Console app is a bundled app that comes with Splunk Enterprise. It is not available for download on SplunkBase, and is not installed on Splunk Cloud Platform instances. This vulnerability does not affect [Cloud Monitoring Console](https://help.splunk.com/en/splunk-cloud-platform/administer/admin-manual/10.2.2510/monitor-your-splunk-cloud-platform-deployment/introduction-to-the-cloud-monitoring-console).", "supportingMedia": [{"type": "text/html", "value": "In Splunk Enterprise versions below 10.0.2, 10.0.3, 9.4.8, and 9.3.9, a low-privileged user who does not hold the \"admin\" Splunk role could access the Splunk Monitoring Console App endpoints due to an improper access control. This could lead to a sensitive information disclosure.<br><br>The Monitoring Console app is a bundled app that comes with Splunk Enterprise. It is not available for download on SplunkBase, and is not installed on Splunk Cloud Platform instances. This vulnerability does not affect [Cloud Monitoring Console](https://help.splunk.com/en/splunk-cloud-platform/administer/admin-manual/10.2.2510/monitor-your-splunk-cloud-platform-deployment/introduction-to-the-cloud-monitoring-console).", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "cwe", "cweId": "CWE-200", "description": "The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information."}]}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2026-02-18T16:45:21.436Z"}}}, "cveMetadata": {"cveId": "CVE-2026-20141", "state": "PUBLISHED", "dateUpdated": "2026-02-18T17:56:35.360Z", "dateReserved": "2025-10-08T11:59:15.382Z", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "datePublished": "2026-02-18T16:45:21.436Z", "assignerShortName": "cisco"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "0D9ACC64-CE37-4DBF-9315-E2DA76A3EAD2", "versionEndExcluding": "9.3.9", "versionStartIncluding": "9.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "657A9AFC-2335-4C32-8B81-901D1C742592", "versionEndExcluding": "9.4.8", "versionStartIncluding": "9.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "CB313879-7BD8-411A-B503-01689F0B326E", "versionEndExcluding": "10.0.3", "versionStartIncluding": "10.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Splunk Enterprise versions below 10.0.2, 10.0.3, 9.4.8, and 9.3.9, a low-privileged user who does not hold the \"admin\" Splunk role could access the Splunk Monitoring Console App endpoints due to an improper access control. This could lead to a sensitive information disclosure.<br><br>The Monitoring Console app is a bundled app that comes with Splunk Enterprise. It is not available for download on SplunkBase, and is not installed on Splunk Cloud Platform instances. This vulnerability does not affect [Cloud Monitoring Console](https://help.splunk.com/en/splunk-cloud-platform/administer/admin-manual/10.2.2510/monitor-your-splunk-cloud-platform-deployment/introduction-to-the-cloud-monitoring-console)."}, {"lang": "es", "value": "En las versiones de Splunk Enterprise anteriores a la 10.0.2, 10.0.3, 9.4.8 y 9.3.9, un usuario con pocos privilegios que no posea el rol de Splunk 'admin' podr\u00eda acceder a los endpoints de la aplicaci\u00f3n Splunk Monitoring Console debido a un control de acceso inadecuado. Esto podr\u00eda llevar a una revelaci\u00f3n de informaci\u00f3n sensible.\n\nLa aplicaci\u00f3n Monitoring Console es una aplicaci\u00f3n incluida que viene con Splunk Enterprise. No est\u00e1 disponible para descargar en SplunkBase y no est\u00e1 instalada en instancias de Splunk Cloud Platform. Esta vulnerabilidad no afecta a [Cloud Monitoring Console](https://help.splunk.com/en/splunk-cloud-platform/administer/admin-manual/10.2.2510/monitor-your-splunk-cloud-platform-platform-deployment/introduction-to-the-cloud-monitoring-console)."}], "id": "CVE-2026-20141", "lastModified": "2026-02-23T14:46:16.627", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "psirt@cisco.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-02-18T18:24:26.827", "references": [{"source": "psirt@cisco.com", "tags": ["Vendor Advisory"], "url": "https://advisory.splunk.com/advisories/SVD-2026-0206"}], "sourceIdentifier": "psirt@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "psirt@cisco.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[10.0,10.0.3)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[9.4,9.4.8)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[9.3,9.3.9)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Splunk Enterprise", "source": "cna", "vendor": "Splunk"}, "product": "splunk_enterprise", "vendor": "splunk"}], "analysis": {"en": {"generated_at": "2026-04-17T18:37:42.040680+00:00", "value": {"mitigation_remediation": ["Upgrade Splunk Enterprise to a version equal to or newer than 10.0.2, 10.0.3, 9.4.8, or 9.3.9 to eliminate the improper access control.", "If an immediate upgrade cannot be performed, restrict the Monitoring Console App so that only users with the admin role can access its endpoints, removing or disabling access for all non\u2011admin accounts.", "Re\u2011evaluate and adjust Splunk role assignments to ensure that sensitive apps such as Monitoring Console are only enabled for administrators, preventing accidental exposure of protected data."], "summary": {"action": "Patch", "impact": "Sensitive Information Disclosure"}, "threat_synthesis": {"affected_systems": "Splunk Enterprise versions older than 10.0.2, 10.0.3, 9.4.8, and 9.3.9 are affected. The Monitoring Console App is included with on\u2011premises installations and is not available through SplunkBase nor installed on Splunk Cloud Platform instances, so the vulnerability does not impact cloud deployments.", "description_and_impact": "The vulnerability arises from improper access control within the Splunk Monitoring Console App bundled with Splunk Enterprise. The flaw allows a low\u2011privileged, non\u2011admin Splunk user to access endpoints that should be restricted, thereby exposing sensitive information that would normally be protected by role\u2011based permissions. This weakness is identified in the CVE as CWE\u2011200, a data\u2011exposure vulnerability.", "risk_and_exploitability": "The CVSS score of 4.3 indicates a moderate severity. The EPSS score of less than 1% shows a very low exploitation probability. The vulnerability is not listed in the CISA KEV catalog. It is likely to be exploited by an authenticated local user who possesses a Splunk account but lacks the admin role; no remote execution or privilege escalation is possible based on the available data."}}}}, "created": "2026-02-19T10:11:37.402580+00:00", "updated": "2026-04-17T18:45:25.548874+00:00", "vendors": ["splunk", "splunk$PRODUCT$splunk_enterprise"]}