Third-Party Package Updates in Splunk AppDynamics Apache Web Server Agent - May 2026
Advisory ID: SVD-2026-0507
CVE ID: Multiple
Published: 2026-05-20
Last Update: 2026-05-20
Description
Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk AppDynamics Apache Web Server Agent version 25.11.1, and higher, including the following:
| Package | Remediation | CVE | Severity |
|---|---|---|---|
| expat1 | Upgraded to version 2.7.5 | Multiple | High |
| libpng2 | Upgraded to version 1.6.51 | Multiple | High |
| openjdk3 | Upgraded to version 11.0.30u7 | Multiple | High |
| log4j-core | Upgraded from version 2.17.1 to version 2.25.3 | CVE-2025-68161 | Medium |
1 Upgraded expat from version 2.7.3 to version 2.7.5 to remedy CVE-2026-25210, CVE-2026-32776, CVE-2026-32777, CVE-2026-32778, and CVE-2026-24515.
2 Upgraded libpng from version 1.6.47 to version 1.6.51 to remedy CVE-2025-64720, CVE-2025-65018, CVE-2025-64505, and CVE-2025-64506.
3 Upgraded OpenJDK from version 11.0.28u6 to version 11.0.30u7 to remedy CVE-2025-53066, CVE-2026-21945, CVE-2026-21932, CVE-2026-21933, CVE-2025-53057, and CVE-2026-21925.
Solution
Upgrade Splunk AppDynamics Apache Web Server Agent to versions 25.11.1 or higher.
Product Status
| Product | Base Version | Affected Version | Fix Version |
|---|---|---|---|
| Splunk AppDynamics Apache Web Server Agent | 25.11 | Below 25.11.1 | 25.11.1 |
Severity
For the CVEs in this list, Splunk adopted the vendor’s severity rating or the National Vulnerability Database (NVD) common vulnerability scoring system (CVSS) rating, as available.