CVE-2026-20163 Splunk — Exploit & Vulnerability Details HIGH

CVE-2026-20163

HIGH CVSS 3.1: 7.2 EPSS 0.05%

Parameter	Value
CVSS	7.2 (HIGH)
Type	CWE-77 (Command Injection)
Vendor	Splunk
Public PoC	No

In Splunk Enterprise versions below 10.2.0, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.5, 10.0.2503.12, 10.1.2507.16, and 9.3.2411.124, a user who holds a role that contains the high-privilege capability `edit_cmd` could execute arbitrary shell commands using the `unarchive_cmd` parameter for the `/splunkd/__upload/indexing/preview` REST endpoint.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

Low

Easy to exploit

Privileges Required

High

Admin privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

High

Complete data leak

Integrity

High

Complete data modification

Availability

High

Complete denial of service

CVSS Vector v3.1

Weakness Type (CWE)

CWE-77 Command Injection

References 1

https://advisory.splunk.com/advisories/SVD-2026-0302

psirt@cisco.com

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-20166

Splunk

5.4

CVE-2026-20165

Splunk

6.3

CVE-2026-20164

Splunk

6.5

CVE-2026-20162

Splunk

6.3

CVE-2025-0367

Splunk

6.5

Menu

CVE-2026-20163

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 1

Related Vulnerabilities

CVE-2026-20166

CVE-2026-20165

CVE-2026-20164

CVE-2026-20162

CVE-2025-0367

CVE Details

Editor's Choice

Menu

CVE-2026-20163

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 1

Related Vulnerabilities

CVE-2026-20166

CVE-2026-20165

CVE-2026-20164

CVE-2026-20162

CVE-2025-0367

CVE Details

Editor's Choice

Stay informed on cybersecurity