Low-privileged user reads Observability Cloud API token in Splunk <10.2.1
CVE-2026-20166 Published on March 11, 2026
Sensitive Information Disclosure in Discover Splunk Observability Cloud app for Splunk Enterprise
In Splunk Enterprise versions below 10.2.1 and 10.0.4, and Splunk Cloud Platform versions below 10.2.2510.5, 10.1.2507.16, and 10.0.2503.12, a low-privileged user that does not hold the "admin" or "power" Splunk roles could retrieve the Observability Cloud API access token through the Discover Splunk Observability Cloud app due to improper access control.
This vulnerability does not affect Splunk Enterprise versions below 9.4.9 and 9.3.10 because the Discover Splunk Observability Cloud app does not come with Splunk Enterprise.
Weakness Type
What is an Information Disclosure Vulnerability?
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CVE-2026-20166 has been classified to as an Information Disclosure vulnerability or weakness.
Products Associated with CVE-2026-20166
stack.watch emails you whenever new vulnerabilities are published in Splunk or Splunk Cloud Platform. Just hit a watch button to start following.
Affected Versions
Splunk Enterprise:- Version 10.2 and below 10.2.1 is affected.
- Version 10.0 and below 10.0.4 is affected.
- Version 10.2.2510 and below 10.2.2510.5 is affected.
- Version 10.1.2507 and below 10.1.2507.16 is affected.
- Version 10.0.2503 and below 10.0.2503.12 is affected.