Multiple vulnerabilities in Splunk products, including security restriction bypass, information disclosure, and cross-site scripting, can be exploited by a remote attacker. Affected versions include Splunk Enterprise below 10.0.7, 10.2.4, 9.3.13, and 9.4.12, as well as numerous specific Splunk Cloud Platform versions listed in the advisory. Administrators must apply the fixes provided via the vendor's security advisories linked in the article.
Multiple vulnerabilities were identified in Splunk products. A remote attacker could exploit some of these vulnerabilities to trigger sensitive information disclosure, security restriction bypass and cross-site scripting on the targeted system. Impact Security Restriction Bypass Information Disclosure Cross-Site Scripting System / Technologies affected Splunk Enterprise versions below 10.0.7 10.2.4 9.3.13 9.4.12 Splunk Cloud Platform versions below 9.3.2411.131 9.3.2411.132 10.0.2503.14 10.1.2507.22 10.1.2507.23 10.2.2510.14 10.2.2510.15 10.3.2512.11 10.3.2512.12 10.3.2512.13 10.4.2604.0 10.4.2604.3 Solutions Before installation of the software, please visit the vendor web-site for more details. Apply fixes issued by the vendor: https://advisory.splunk.com/advisories/SVD-2026-0602 https://advisory.splunk.com/advisories/SVD-2026-0603 https://advisory.splunk.com/advisories/SVD-2026-0604 https://advisory.splunk.com/advisories/SVD-2026-0605 https://advisory.splunk.com/advisories/SVD-2026-0606 https://advisory.splunk.com/advisories/SVD-2026-0607 https://advisory.splunk.com/advisories/SVD-2026-0608 https://advisory.splunk.com/advisories/SVD-2026-0609