Description
In Splunk Enterprise versions below 10.0.2, 10.0.3, 9.4.8, and 9.3.9, a low-privileged user who does not hold the "admin" Splunk role could access the Splunk Monitoring Console App endpoints due to an improper access control. This could lead to a sensitive information disclosure.<br><br>The Monitoring Console app is a bundled app that comes with Splunk Enterprise. It is not available for download on SplunkBase, and is not installed on Splunk Cloud Platform instances. This vulnerability does not affect [Cloud Monitoring Console](https://help.splunk.com/en/splunk-cloud-platform/administer/admin-manual/10.2.2510/monitor-your-splunk-cloud-platform-deployment/introduction-to-the-cloud-monitoring-console).
Published: 2026-02-18
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Sensitive Information Disclosure
Action: Patch
AI Analysis

Impact

The vulnerability arises from improper access control within the Splunk Monitoring Console App bundled with Splunk Enterprise. The flaw allows a low‑privileged, non‑admin Splunk user to access endpoints that should be restricted, thereby exposing sensitive information that would normally be protected by role‑based permissions. This weakness is identified in the CVE as CWE‑200, a data‑exposure vulnerability.

Affected Systems

Splunk Enterprise versions older than 10.0.2, 10.0.3, 9.4.8, and 9.3.9 are affected. The Monitoring Console App is included with on‑premises installations and is not available through SplunkBase nor installed on Splunk Cloud Platform instances, so the vulnerability does not impact cloud deployments.

Risk and Exploitability

The CVSS score of 4.3 indicates a moderate severity. The EPSS score of less than 1% shows a very low exploitation probability. The vulnerability is not listed in the CISA KEV catalog. It is likely to be exploited by an authenticated local user who possesses a Splunk account but lacks the admin role; no remote execution or privilege escalation is possible based on the available data.

Generated by OpenCVE AI on April 17, 2026 at 18:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Splunk Enterprise to a version equal to or newer than 10.0.2, 10.0.3, 9.4.8, or 9.3.9 to eliminate the improper access control.
  • If an immediate upgrade cannot be performed, restrict the Monitoring Console App so that only users with the admin role can access its endpoints, removing or disabling access for all non‑admin accounts.
  • Re‑evaluate and adjust Splunk role assignments to ensure that sensitive apps such as Monitoring Console are only enabled for administrators, preventing accidental exposure of protected data.

Generated by OpenCVE AI on April 17, 2026 at 18:37 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 23 Feb 2026 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Splunk splunk
CPEs cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*
Vendors & Products Splunk splunk

Thu, 19 Feb 2026 10:30:00 +0000

Type Values Removed Values Added
First Time appeared Splunk
Splunk splunk Enterprise
Vendors & Products Splunk
Splunk splunk Enterprise

Wed, 18 Feb 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 18 Feb 2026 17:30:00 +0000

Type Values Removed Values Added
Description In Splunk Enterprise versions below 10.0.2, 10.0.3, 9.4.8, and 9.3.9, a low-privileged user who does not hold the "admin" Splunk role could access the Splunk Monitoring Console App endpoints due to an improper access control. This could lead to a sensitive information disclosure.<br><br>The Monitoring Console app is a bundled app that comes with Splunk Enterprise. It is not available for download on SplunkBase, and is not installed on Splunk Cloud Platform instances. This vulnerability does not affect [Cloud Monitoring Console](https://help.splunk.com/en/splunk-cloud-platform/administer/admin-manual/10.2.2510/monitor-your-splunk-cloud-platform-deployment/introduction-to-the-cloud-monitoring-console).
Title Improper Access Control in Splunk Monitoring Console App
Weaknesses CWE-200
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}

Subscriptions

Splunk Splunk Splunk Enterprise
cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2026-02-18T17:56:35.360Z

Reserved: 2025-10-08T11:59:15.382Z

Link: CVE-2026-20141

cve-icon Vulnrichment

Updated: 2026-02-18T17:56:27.785Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-18T18:24:26.827

Modified: 2026-02-23T14:46:16.627

Link: CVE-2026-20141

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T18:45:25Z

Weaknesses