Splunk Enterprise auth null-byte user creation <10.2.2
CVE-2026-20202 Published on April 15, 2026
Improper Input Validation during User Account Creation in Splunk Enterprise
In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.6, 10.2.2510.10, 10.1.2507.20, 10.0.2503.13, and 9.3.2411.127, a user who holds a role that contains the high-privilege capability `edit_user`could create a specially crafted username that includes a null byte or a non-UTF-8 percent-encoded byte due to improper input validation.<br><br>This could lead to inconsistent conversion of usernames into a proper format for storage and account management inconsistencies, such as being unable to edit or delete affected users.
Weakness Type
Improper Handling of Unicode Encoding
The software does not properly handle when an input contains Unicode encoding.
Products Associated with CVE-2026-20202
stack.watch emails you whenever new vulnerabilities are published in Splunk or Splunk Cloud Platform. Just hit a watch button to start following.
Affected Versions
Splunk Enterprise:- Version 10.2 and below 10.2.2 is affected.
- Version 10.0 and below 10.0.5 is affected.
- Version 9.4 and below 9.4.10 is affected.
- Version 9.3 and below 9.3.11 is affected.
- Version 10.4.2603 and below Not Affected is affected.
- Version 10.3.2512 and below 10.3.2512.6 is affected.
- Version 10.2.2510 and below 10.2.2510.10 is affected.
- Version 10.1.2507 and below 10.1.2507.20 is affected.
- Version 10.0.2503 and below 10.0.2503.13 is affected.
- Version 9.3.2411 and below 9.3.2411.127 is affected.