HIGHCVE-2026-20204Published Modified CNA cisco
CVE-2026-20204: Improper Handling and Insufficient Isolation of Specific Temporary Files in Splunk Enterprise
In Splunk Enterprise versions below 10.2.1, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.5, 10.2.2510.9, 10.1.2507.19, 10.0.2503.13, and 9.3.2411.127, a low-privileged user that does not hold the `admin` or `power` Splunk roles could potentially perform a Remote Code Execution (RCE) by uploading a malicious file to the `$SPLUNK_HOME/var/run/splunk/apptemp` directory due to improper handling and insufficient isolation of temporary files within the `apptemp` directory.
Metrics
- CVSS v3.1
- 7.1
- Severity
- HIGH
- Fixed in
- 9.3.11
- Affected Products
- 2
Fix available
9.3.119.3.2411.1279.4.1010.0.510.0.2503.1310.1.2507.1910.2.110.2.2510.910.3.2512.5Not Affected
Affected packages
- Splunk / Splunk Enterprise< 10.2.1 (from 10.2) · < 10.0.5 (from 10.0) · < 9.4.10 (from 9.4) · < 9.3.11 (from 9.3)
- Splunk / Splunk Cloud Platform< Not Affected (from 10.4.2603) · < 10.3.2512.5 (from 10.3.2512) · < 10.2.2510.9 (from 10.2.2510) · < 10.1.2507.19 (from 10.1.2507) · < 10.0.2503.13 (from 10.0.2503) · < 9.3.2411.127 (from 9.3.2411)
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:HReferences