Third-Party Package Updates in Splunk AppDynamics Analytics Agent - May 2026

Advisory ID: SVD-2026-0508

CVE ID:  Multiple

Published: 2026-05-20

Last Update: 2026-05-20

Description

Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk AppDynamics Analytics Agent version 26.4.0, and higher, including the following:

PackageRemediationCVESeverity
lz4-javaUpgraded from version 1.8.0 to version 1.8.1CVE-2025-12183High
libpng1Upgraded to version 1.6.54MultipleHigh
openjdk2Upgraded to version 17.0.18u8MultipleHigh
elasticsearch3Upgraded to version 8.19.9MultipleHigh
logback-core4Upgraded to version 1.5.32MultipleMedium
netty5Upgraded to version 4.1.132.FinalMultipleHigh
jetty6Upgraded to version 12.1.6MultipleHigh

1 Upgraded libpng from version 1.6.47 to version 1.6.54 to remedy CVE-2025-64505, CVE-2025-64506, CVE-2025-64720, CVE-2025-65018, CVE-2025-66293, CVE-2026-22695, and CVE-2026-22801.

2 Upgraded OpenJDK from version 17.0.16u8 to version 17.0.18u8 to remedy CVE-2025-53057, CVE-2025-53066, CVE-2026-21925, CVE-2026-21932, CVE-2026-21933, and CVE-2026-21945.

3 Upgraded elasticsearch from version 8.19.5 to version 8.19.9 to remedy CVE-2025-37731, CVE-2025-68384, and CVE-2025-68390.

4 Upgraded logback-core to version 1.5.32 to remedy CVE-2024-12798 and CVE-2024-12801.

5 Upgraded Netty from version 4.1.129 to version 4.1.132.Final to remedy CVE-2026-33871, and CVE-2026-33870

6 Upgraded jetty to version 12.1.6 to remedy CVE-2026-1605 and CVE-2025-11143.

Solution

Upgrade Splunk AppDynamics Analytics Agent to version 26.4.0 or higher.

Product Status

ProductBase VersionAffected VersionFix Version
Splunk AppDynamics Analytics Agent26.4Below 26.4.026.4.0

Severity

For the CVEs in this list, Splunk adopted the vendor’s severity rating or the National Vulnerability Database (NVD) common vulnerability scoring system (CVSS) rating, as available.