Splunk enterprise

This hub aggregates every CVE we track for Splunk enterprise, a product in the security products space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Splunk enterprise.

• CVE-2026-20258Stored Cross-Site Scripting (XSS) through Classic Dashboard in Splunk Enterprise7.1Jun 10, 2026
• CVE-2026-20253Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk EnterpriseKEV9.8Jun 10, 2026
• CVE-2026-20252Server-Side Request Forgery (SSRF) through Dashboard Studio PDF Export in Splunk Enterprise7.6Jun 10, 2026
• CVE-2026-20257Improper Input Validation through Classic Dashboard CSS in Splunk Enterprise5.7Jun 10, 2026
• CVE-2026-20259Improper Access Control in Splunk Enterprise5.5Jun 10, 2026
• CVE-2026-20255Improper Input Validation through Classic Dashboards in Splunk Enterprise5.7Jun 10, 2026
• CVE-2026-20251Remote Code Execution through Deserialization of Untrusted Data in Splunk Secure Gateway8.8Jun 10, 2026
• CVE-2026-20254Information Disclosure through External Content Restriction Bypass in Splunk Enterprise5.7Jun 10, 2026
• CVE-2026-20256Improper Input Validation through Protocol-Relative URL in Classic Dashboards in Splunk Enterprise5.7Jun 10, 2026
• CVE-2026-20239Sensitive Information Disclosure through Log Files in Splunk Enterprise7.5May 20, 2026
• CVE-2026-20240Denial of Service through coldToFrozen.sh Script in Splunk Enterprise6.5May 20, 2026
• CVE-2026-20203Improper Access Control in Data Model Acceleration in Splunk Enterprise4.3Apr 15, 2026
• CVE-2026-20204Improper Handling and Insufficient Isolation of Specific Temporary Files in Splunk Enterprise7.1Apr 15, 2026
• CVE-2026-20202Improper Input Validation during User Account Creation in Splunk Enterprise6.6Apr 15, 2026
• CVE-2026-20163Remote Command Execution (RCE) through the '/splunkd/__upload/indexing/preview' REST endpoint in Splunk Enterprise7.2Mar 11, 2026