{"@context":"https://openvex.dev/ns/v0.2.0","@id":"https://database.harborguard.co/cve/CVE-2026-20251/vex.json","author":"HarborGuard Database","role":"Document Creator","timestamp":"2026-06-11T03:55:39.372Z","version":1,"tooling":"HarborGuard Database (https://database.harborguard.co)","statements":[{"vulnerability":{"name":"CVE-2026-20251","@id":"https://www.cve.org/CVERecord?id=CVE-2026-20251","description":"In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, Splunk Cloud Platform versions below 10.3.2512.12, 10.2.2510.14, 10.1.2507.22, and 9.3.2411.132, and Splunk Secure Gateway versions below 3.10.6, 3.9.20, and 3.8.67, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could perform a Remote Code Execution (RCE) through the Splunk Secure Gateway app.<br><br>The Remote Code Execution is possible because of unsafe deserialization of App Key Value Store "},"products":[{"@id":"cpe:2.3:a:splunk:splunk_enterprise:*:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:splunk:splunk_enterprise:*:*:*:*:*:*:*:*"}},{"@id":"cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*"}},{"@id":"cpe:2.3:a:splunk:splunk_secure_gateway:*:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:splunk:splunk_secure_gateway:*:*:*:*:*:*:*:*"}}],"status":"affected","action_statement":"Update to a fixed version: 3.8.67, 3.9.20, 3.10.6, 9.3.13, 9.3.2411.132, 9.4.12, 10.0.7, 10.1.2507.22, 10.2.4, 10.2.2510.14, 10.3.2512.12.","timestamp":"2026-06-11T03:55:39.372Z"}]}