Description
In Splunk Enterprise versions below 10.2.1, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.7, 10.1.2507.17, 10.0.2503.12, and 9.3.2411.124, a low-privileged user that does not hold the "admin" or "power" Splunk roles could retrieve sensitive information by inspecting the job's search log due to improper access control in the MongoClient logging channel.
Published: 2026-03-11
Score: 6.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Sensitive Information Disclosure
Action: Immediate Patch
AI Analysis

Impact

This vulnerability allows a user without elevated Splunk roles to read sensitive search log data through the MongoClient logging channel. The improper access control exposes confidential information that should only be available to administrators, compromising confidentiality for affected accounts.

Affected Systems

Splunk Enterprise installations prior to versions 10.2.1, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform releases earlier than 10.2.2510.7, 10.1.2507.17, 10.0.2503.12, and 9.3.2411.124 are vulnerable. These include both the enterprise appliance and the cloud‑based service.

Risk and Exploitability

The CVSS score of 6.3 indicates moderate severity, and the EPSS score of less than 1 percent suggests a low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. The attack requires authenticated access as a low‑privileged user; no remote unauthenticated vector is described, so exploitation is limited to users who can log into the Splunk instance.

Generated by OpenCVE AI on March 24, 2026 at 19:40 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Splunk Enterprise to the latest supported release (at least 10.2.1, 10.0.4, 9.4.9, or 9.3.10, depending on your product version).
  • Apply the most recent Splunk Cloud Platform update (10.2.2510.7 or newer, or the equivalent release for your service).
  • If an immediate update is not possible, restrict non‑admin user access to search logs through role‑based permissions to mitigate exposure.

Generated by OpenCVE AI on March 24, 2026 at 19:40 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 24 Mar 2026 18:00:00 +0000

Type Values Removed Values Added
First Time appeared Splunk splunk
CPEs cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:splunk:splunk:10.2.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*
Vendors & Products Splunk splunk

Thu, 12 Mar 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 12 Mar 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Splunk
Splunk splunk Cloud Platform
Splunk splunk Enterprise
Vendors & Products Splunk
Splunk splunk Cloud Platform
Splunk splunk Enterprise

Wed, 11 Mar 2026 16:30:00 +0000

Type Values Removed Values Added
Description In Splunk Enterprise versions below 10.2.1, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.7, 10.1.2507.17, 10.0.2503.12, and 9.3.2411.124, a low-privileged user that does not hold the "admin" or "power" Splunk roles could retrieve sensitive information by inspecting the job's search log due to improper access control in the MongoClient logging channel.
Title Sensitive Information Disclosure in MongoClient logging channel in Splunk Enterprise
Weaknesses CWE-532
References
Metrics cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L'}

Subscriptions

Splunk Splunk Splunk Cloud Platform Splunk Enterprise
cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2026-03-12T16:19:44.284Z

Reserved: 2025-10-08T11:59:15.390Z

Link: CVE-2026-20165

cve-icon Vulnrichment

Updated: 2026-03-12T15:41:04.576Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-11T17:16:56.943

Modified: 2026-03-24T17:55:15.997

Link: CVE-2026-20165

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-25T11:50:15Z

Weaknesses