Splunk: LowPrivileged User Access Bypass before 10.2.1/10.2.2510.7
CVE-2026-20165 Published on March 11, 2026
Sensitive Information Disclosure in MongoClient logging channel in Splunk Enterprise
In Splunk Enterprise versions below 10.2.1, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.7, 10.1.2507.17, 10.0.2503.12, and 9.3.2411.124, a low-privileged user that does not hold the "admin" or "power" Splunk roles could retrieve sensitive information by inspecting the job's search log due to improper access control in the MongoClient logging channel.
Weakness Type
Insertion of Sensitive Information into Log File
Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.
Products Associated with CVE-2026-20165
stack.watch emails you whenever new vulnerabilities are published in Splunk or Splunk Cloud Platform. Just hit a watch button to start following.
Affected Versions
Splunk Enterprise:- Version 10.2 and below 10.2.1 is affected.
- Version 10.0 and below 10.0.4 is affected.
- Version 9.4 and below 9.4.9 is affected.
- Version 9.3 and below 9.3.10 is affected.
- Version 10.2.2510 and below 10.2.2510.7 is affected.
- Version 10.1.2507 and below 10.1.2507.17 is affected.
- Version 10.0.2503 and below 10.0.2503.12 is affected.
- Version 9.3.2411 and below 9.3.2411.124 is affected.