CVE-2026-20144

216.73.217.22

· Published 18/02/2026 18:24 · Modified 19/02/2026 15:53

Labels: CVE-2026-20144 2026-02-18 CVE-2026-20144 CWE-532 [email protected]

Essential information

Published: 18/02/2026 18:24
Modified: 19/02/2026 15:53
Author: —
Creator: —
CVSS: 6.8 MEDIUM (v3.1)
CISA KEV: No
CWE: —
CVSS vector: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS metrics

Description

In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.8, and 9.2.11, and Splunk Cloud Platform versions below 10.2.2510.0, 10.1.2507.11, 10.0.2503.9, and 9.3.2411.120, a user of a Splunk Search Head Cluster (SHC) deployment who holds a role with access to the the Splunk _internal index could view the Security Assertion Markup Language (SAML) configurations for Attribute query requests (AQRs) or Authentication extensions in plain text within the conf.log file, depending on which feature is configured.

NVD status

Status: Undergoing Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
splunk / splunk enterprise	`cpe:2.3:a:splunk:splunk_enterprise:<10.2.0,10.0.2,9.4.7,9.3.8,9.2.11::::::`
splunk / splunk cloud platform	`cpe:2.3:a:splunk:splunk_cloud_platform:<10.2.2510.0,10.1.2507.11,10.0.2503.9,9.3.2411.120::::::`