CVE-2026-20204NVD

Vulnerability Summary

In Splunk Enterprise versions below 10.2.1, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.5, 10.2.2510.9, 10.1.2507.19, 10.0.2503.13, and 9.3.2411.127, a low-privileged user that does not hold the `admin` or `power` Splunk roles could potentially perform a Remote Code Execution (RCE) by uploading a malicious file to the `$SPLUNK_HOME/var/run/splunk/apptemp` directory due to improper handling and insufficient isolation of temporary files within the `apptemp` directory.

Severity Level

HIGH(7.1)

Published Date

Apr 15, 2026

Last Modified

Apr 17, 2026

Exploitation Status

????

EPSS Score (30-Day)

0.18%Probability

Root Weakness (CWE)

CWE-377: Unknown/Unlisted Weakness ↗

Refer to the official MITRE database for detailed architectural specifications regarding this weakness.

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityHigh

Privileges RequiredLow

User InteractionRequired

ScopeUnchanged

ConfidentialityHigh

IntegrityHigh

AvailabilityHigh

External References

https://advisory.splunk.com/advisories/SVD-2026-0403