Third-Party Package Updates in Splunk AppDynamics Cluster Agent - May 2026
Advisory ID: SVD-2026-0510
CVE ID: Multiple
Published: 2026-05-20
Last Update: 2026-05-20
Description
Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk AppDynamics Cluster Agent version 26.4.0, and higher, including the following:
| Package | Remediation | CVE | Severity |
|---|---|---|---|
| golang1 | Upgraded to version 1.26.2 | Multiple | Critical |
| grpc-go | Upgraded from version 1.72.2 to version 1.79.3 | CVE-2026-33186 | Critical |
| openssl2 | Upgraded to version 3.5.1-7 | Multiple | Critical |
| spdystream | Upgraded from version 0.5.0 to version 0.5.1 | CVE-2026-35469 | High |
| musl3 | Upgraded to version 1.2.5-r23 | Multiple | High |
| curl | Upgraded from version 7.76.1-34 to version 7.76.1-35 | CVE-2025-9086 | High |
| libarchive | Upgraded from version 3.5.3-6 to version 3.5.3-7 | CVE-2026-4111 | High |
| gnupg | Upgraded from version 2.3.3-4 to version 2.3.3-5 | CVE-2025-68973 | High |
| gnutls4 | Upgraded to version 3.8.3-10 | Multiple | Medium |
1 Upgraded golang from version 1.25.5 to version 1.26.2 to remedy CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-61731, CVE-2025-61732, CVE-2025-68119, CVE-2025-68121, CVE-2026-25679, CVE-2026-27139, CVE-2026-27140, CVE-2026-27142, CVE-2026-27143, CVE-2026-27144, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32288, CVE-2026-32289, and CVE-2026-33810.
2 Upgraded openssl from version 3.5.1-4 to version 3.5.1-7 to remedy CVE-2025-11187, CVE-2025-15467, CVE-2025-15468, CVE-2025-66199, CVE-2025-68160, CVE-2025-69418, CVE-2025-69419, CVE-2025-69420, CVE-2025-69421, CVE-2026-22795, and CVE-2026-22796.
3 Upgraded musl from version 1.2.5-r10 to version 1.2.5-r23 to remedy CVE-2026-40200 and CVE-2026-6042.
4 Upgraded gnutls from version 3.8.3-9 to version 3.8.3-10 to remedy CVE-2025-14831, and CVE-2025-9820.
Solution
Upgrade Splunk AppDynamics Cluster Agent to version 26.4.0 or higher.
Product Status
| Product | Base Version | Affected Version | Fix Version |
|---|---|---|---|
| Splunk AppDynamics Cluster Agent | 26.4 | Below 26.4.0 | 26.4.0 |
Severity
For the CVEs in this list, Splunk adopted the vendor’s severity rating or the National Vulnerability Database (NVD) common vulnerability scoring system (CVSS) rating, as available.