Third-Party Package Updates in Splunk AppDynamics Machine Agent - May 2026
Advisory ID: SVD-2026-0514
CVE ID: Multiple
Published: 2026-05-20
Last Update: 2026-05-20
Description
Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk AppDynamics Machine Agent version 26.4.0, and higher, including the following:
| Package | Remediation | CVE | Severity |
|---|---|---|---|
| aws-java-sdk-core1 | Upgraded due to End-of-Life (EOL) | None | None |
| plexus-utils | Upgraded from version 3.3.0 to version 4.0.3 | CVE-2025-67030 | High |
| apache-log4j2 | Upgraded to version 2.25.4 | Multiple | High |
| curl3 | Upgraded to version 8.19.0 | Multiple | Medium |
| jetty4 | Upgraded to version 12.1.7 | Multiple | High |
| logback-core5 | Upgraded to version 1.5.32 | CVE-2026-1225 | Low |
| musl6 | Upgraded to version 1.2.5-r23 | Multiple | High |
| netty7 | Upgraded to version 4.1.132.Final | Multiple | High |
| openjdk8 | Upgraded to version 17.0.18u8 | Multiple | High |
| openssl9 | Upgraded | Multiple | Critical |
1 Upgraded aws-java-sdk-core from version 1.12.525 to version 2.42.40
2 Upgraded apache-log4j from version 2.25.3 to version 2.25.4 to remedy CVE-2026-34480, CVE-2026-34477, and CVE-2026-34478.
3 Upgraded curl from version 8.17.0 to version 8.19.0 to remedy CVE-2024-11053, CVE-2024-7264, CVE-2024-9681, and CVE-2025-14819.
4 Upgraded jetty from version 12.1.1 to version 12.1.7 to remedy CVE-2025-11143 and CVE-2026-1605.
5 Upgraded logback-core from version 1.5.19 to version 1.5.32 to remedy CVE-2026-1225.
6 Upgraded musl from version 1.2.5-r21 to version 1.2.5-r23 to remedy CVE-2026-40200 and CVE-2026-6042.
7 Upgraded netty from version 4.1.129.Final to version 4.1.132.Final to remedy CVE-2026-33871, CVE-2025-67735, and CVE-2026-33870.
8 Upgraded OpenJDK from version 17.0.17u10 to version 17.0.18u8 to remedy CVE-2026-21925, CVE-2026-21932, CVE-2026-21933, and CVE-2026-21945.
9 Upgraded openssl from versions 3.0.18, 3.6.0, and 3.5.5 to versions 3.0.19, 3.6.2, and 3.5.6 respectively to remedy CVE-2024-13176, CVE-2024-41996, CVE-2025-11187, CVE-2025-15467, CVE-2025-15468, CVE-2025-66199, CVE-2025-68160, CVE-2025-69418, CVE-2025-69419, CVE-2025-69420, CVE-2025-69421, CVE-2025-9232, CVE-2026-22795, and CVE-2026-22796.
Solution
Upgrade Splunk AppDynamics Machine Agent to version 26.4.0 or higher.
Product Status
| Product | Base Version | Affected Version | Fix Version |
|---|---|---|---|
| Splunk AppDynamics Machine Agent | 26.4 | Below 26.4.0 | 26.4.0 |
Severity
For the CVEs in this list, Splunk adopted the vendor’s severity rating or the National Vulnerability Database (NVD) common vulnerability scoring system (CVSS) rating, as available.