CVE-2026-20254
MediumCVSS 5.7Exploitation Probability (EPSS)
Low risk16th percentile — higher than 16% of all known CVEs
Summary
In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user can craft a malicious dashboard that exfiltrates sensitive data to an external server when a higher-privileged user views it, exploiting a validation flaw in the Trusted Domains security check.
Risk Assessment
The organization may be exposed to sensitive data leaks and unauthorized access attacks, which could lead to serious legal and reputational consequences.
Recommendation
It is recommended to upgrade to the latest version of Splunk to mitigate this vulnerability and to review and strengthen security policies regarding access to dashboards.
Original NVD description (English source)
In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could craft a malicious classic dashboard that exfiltrates sensitive data to an external server when a higher-privileged user views it, bypassing the external content restriction through a Cascading Style Sheets (CSS) injection.<br><br>The Trusted Domains security check does not fully validate inline style attribute values, which can allow for outbound requests to untrusted domains and credential exfiltration when a victim views a crafted dashboard.

