Third-Party Package Updates in Splunk AppDynamics Private Synthetic Agent (PSA) - May 2026

Description

Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk AppDynamics Private Synthetic Agent version 26.4.0, and higher, including the following:

₁ Upgraded alpine from version 3.23.2 to version 3.23.4, which updated the transient OS packages to remedy CVE-2025-6075, CVE-2025-8291, CVE-2025-11468, CVE-2025-12084, CVE-2025-13151, CVE-2025-13836, CVE-2025-15282, CVE-2025-28162, CVE-2025-28164, CVE-2025-64505, CVE-2025-64506, CVE-2025-64720, CVE-2025-65018, CVE-2025-66293, CVE-2025-69277, CVE-2026-0865, CVE-2026-0965, CVE-2026-0967, CVE-2026-0968, CVE-2026-1584, CVE-2026-1861, CVE-2026-3731, CVE-2026-22695, CVE-2026-22801, CVE-2026-24515, CVE-2026-25210, CVE-2026-25833, CVE-2026-25834, CVE-2026-25835, CVE-2026-27456, CVE-2026-32776, CVE-2026-32777, CVE-2026-32778, CVE-2026-34871, CVE-2026-34872, CVE-2026-34873, CVE-2026-34874, CVE-2026-34875, CVE-2026-34876, and CVE-2026-34877.

₂ Upgraded axios from version 1.12.2 to version 1.15.0 to remedy CVE-2025-62718, CVE-2026-25639, and CVE-2026-40175.

₃ Upgraded chromium from version 143.0.7499.40 to version 147.0.7727.101 to remedy CVE-2026-2441, CVE-2026-2648, CVE-2026-2649, CVE-2026-2650, CVE-2026-3061, CVE-2026-3062, CVE-2026-3063, CVE-2026-3536, CVE-2026-3537, CVE-2026-3538, CVE-2026-3539, CVE-2026-3540, CVE-2026-3541, CVE-2026-3542, CVE-2026-3543, CVE-2026-3544, CVE-2026-3545, and CVE-2025-14174.

₄ Upgraded basic-ftp from version 5.0.5 to version 5.3.0 to remedy CVE-2026-27699 and CVE-2026-41324.

₅ Upgraded flatted from version 3.2.7 to version 3.4.2 to remedy CVE-2026-32141 and CVE-2026-33228.

₆ Upgraded cryptography from version 46.0.3 to version 46.0.7 to remedy CVE-2026-26007, CVE-2026-34073, and CVE-2026-39892.

₇ Upgraded openssl from versions 1.1.1zd, 3.0.18, and 3.5.4 to versions 1.1.1zf, 3.0.19, and 3.5.6 respectively to remedy CVE-2025-11187, CVE-2025-15467, CVE-2025-15468, CVE-2025-66199, CVE-2025-68160, CVE-2025-69418, CVE-2025-69419, CVE-2025-69420, CVE-2025-69421, CVE-2026-22795, CVE-2026-22796, and CVE-2026-2673.

₈ Upgraded Netty from version 4.1.128.Final to version 4.1.132.Final to remedy CVE-2025-67735, CVE-2026-33870, and CVE-2026-33871.

₉ Upgraded pillow from version 12.0.0 to version 12.2.0 to remedy CVE-2026-25990, CVE-2026-40192, CVE-2026-42308, CVE-2026-42309, CVE-2026-42310, and CVE-2026-42311.

₁₀ Removed tar to remedy CVE-2026-33055 and CVE-2026-33056.

₁₁ Upgraded node.js from version 24.11.1 to version 24.14.1 to remedy CVE-2025-55130, CVE-2025-55131, CVE-2025-55132, CVE-2025-59464, CVE-2025-59465, CVE-2025-59466, CVE-2026-21637, CVE-2026-21710, CVE-2026-21712, CVE-2026-21713, CVE-2026-21714, CVE-2026-21715, CVE-2026-21716, and CVE-2026-21717.

₁₂ Upgraded jetty from version 12.0.13 to version 12.0.33 to remedy CVE-2025-1948, CVE-2025-11143, and CVE-2026-1605.

₁₃ Upgraded OpenJDK from version 17.0.17u10 to version 17.0.18u8 to remedy CVE-2026-21925, CVE-2026-21932, CVE-2026-21933, and CVE-2026-21945.

₁₄ Upgraded pypdf from version 6.4.0 to version 6.10.2 to remedy CVE-2026-22690, CVE-2026-22691, CVE-2026-24688, CVE-2026-27024, CVE-2026-27025, CVE-2026-27026, CVE-2026-27628, CVE-2026-27888, CVE-2026-28351, and CVE-2026-28804.

₁₅ Upgraded cups from version 2.4.13 to version 2.4.16 to remedy CVE-2025-58436 and CVE-2025-58060.

₁₆ Upgraded spring-framework from version 6.2.14 to version 6.2.17 to remedy CVE-2026-22735 and CVE-2026-22737.

Solution

Upgrade Splunk AppDynamics Private Synthetic Agent to version 26.4.0 or higher.

Product Status

Severity

For the CVEs in this list, Splunk adopted the vendor’s severity rating or the National Vulnerability Database (NVD) common vulnerability scoring system (CVSS) rating, as available.