Splunk 10.2.2/10.0.5 & Cloud 10.3.2512.8: Sensitive Data via _internal Index
CVE-2026-20239 Published on May 20, 2026
Sensitive Information Disclosure through Log Files in Splunk Enterprise
In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13, a user with a role that has access to the `_internal` index could view session cookies and response bodies that contain sensitive data.
Weakness Type
Insertion of Sensitive Information into Log File
Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.
Products Associated with CVE-2026-20239
stack.watch emails you whenever new vulnerabilities are published in Splunk or Splunk Cloud Platform. Just hit a watch button to start following.
Affected Versions
Splunk Enterprise:- Version 10.2 and below 10.2.2 is affected.
- Version 10.0 and below 10.0.5 is affected.
- Version 10.3.2512 and below 10.3.2512.8 is affected.
- Version 10.2.2510 and below 10.2.2510.11 is affected.
- Version 10.1.2507 and below 10.1.2507.21 is affected.
- Version 10.0.2503 and below 10.0.2503.13 is affected.