Third-Party Package Updates in Splunk AppDynamics Database Agent - May 2026

Description

Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk AppDynamics Database Agent version 26.4.0, and higher, including the following:

₁ Upgraded openssl from version 3.5.4 to version 3.5.6 to remedy CVE-2025-15467, CVE-2026-28387, CVE-2025-69420, CVE-2025-69421, CVE-2026-2673, CVE-2026-28388, CVE-2026-28389, CVE-2026-28390, CVE-2026-31790, CVE-2025-69419, CVE-2025-11187, CVE-2025-15468, CVE-2025-66199, CVE-2026-31789, CVE-2026-22795, CVE-2026-22796, CVE-2025-68160, and CVE-2025-69418.

₂ Upgraded Netty from version 4.1.129.Final to version 4.1.132.Final to remedy CVE-2026-33871 and CVE-2026-33870.

₃ Upgraded musl from version 1.2.5-r21 to version 1.2.5-r23 to remedy CVE-2026-40200 and CVE-2026-6042.

₄ Upgraded OpenJDK from version 17.0.17u10 to version 17.0.18u8 to remedy CVE-2026-21945, CVE-2026-21932, CVE-2026-21933, and CVE-2026-21925.

₅ Upgraded log4j-core from version 2.25.3 to version 2.25.4 to remedy CVE-2026-34478, CVE-2026-34480, and CVE-2026-34477.

₆ Updated the Alpine base image, which upgraded the transitive BusyBox package to version 1.37.0-r30 to remediate CVE-2025-46394 and CVE-2024-58251.

Solution

Upgrade Splunk AppDynamics Database Agent to version 26.4.0 or higher.

Product Status

Severity

For the CVEs in this list, Splunk adopted the vendor’s severity rating or the National Vulnerability Database (NVD) common vulnerability scoring system (CVSS) rating, as available.