Third-Party Package Updates in Splunk User Behavior Analytics - May 2026

Advisory ID: SVD-2026-0515

CVE ID:  Multiple

Published: 2026-05-20

Last Update: 2026-05-20

Description

Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk User Behavior Analytics versions 5.4.5, and higher.

PackageRemediationCVESeverity
apache spark1Upgraded apache spark from version 3.5.5 to version 3.5.6MultipleCritical
jackson-mapper-asl2Removed jackson-mapper in UBA 5.4.4MultipleCritical
jackson-databind3Upgraded jackson-databind from version 2.13.5 to version 2.16.2MultipleMultiple
Hive4Upgraded Hive from version 3.1.3 to version 4.0.1MultipleHigh
Apache Parquet Avro5Upgraded Apache Parquet Avro from version 1.11.2 to version 1.15.2MultipleCritical
python3-idna6Upgraded python3-idna from version 2.5-5 to version 2.5-7CVE-2024-3651High
python3.12-urllib37Upgraded python3.12-urllib3 from version 1.26.18-2 to version 1.26.19-1CVE-2024-37891High
python3-requests8Upgraded python3-requests from version 2.20.0 to version2.32.4MultipleHigh
setuptools9Upgraded setuptools from version 75.1.0 to version 80.9.0CVE-2025-47273High
openssl10Upgraded openssl from version 1.1.1k-12 to version 1.1.1k-14MultipleMultiple
compat-openssl1011Upgraded compat-openssl10 from version 10-1.0.2o-4 to version 1.0.2o-4CVE-2024-5535High
libxslt12Upgraded libxslt from version 1.1.32-6.2.el8_10 to version 1.1.32-6.3.el8_10MultipleNA
redis13Upgraded redis from version 7.0.15 to version 7.2.11CVE-2025-49844Critical
postgresql-jdbc14Upgraded postgresql-jdbc from version 42.7.5 to version 42.7.7CVE-2025-49146High
H2 Database15Upgraded H2 Database from version 2.1.210 to version 2.2.220CVE-2022-45868High
protobuf python16Upgraded protobuf from version 4.25.5 to version 4.25.8CVE-2025-4565Multiple
kubernetes17Upgraded kubernetes from version 1.31.3 to version 1.31.11MultipleMultiple
logback-coreUpgraded logback-core from version 1.3.15 to version 1.5.19CVE-2025-11226Medium
axiosUpgraded axios from version 1.10.0 to version 1.13.5CVE-2026-25639High
xml-crypto18Upgraded xml-crypto from version 2.1.3 to version 2.1.6MultipleHigh
multerUpgraded multer from version 2.0.1 to version 2.0.2CVE-2025-7338High
Splunk heavy forwarder19Upgraded Splunk heavy forwarder from version 9.4.2 to version 10.0.0MultipleMultiple
seleniumUpgraded selenium from version 4.11.2 to version 4.14.0CVE-2023-5590High
OpenJDK20Upgraded OpenJDK to 8u482MultipleHigh
netty21Patched netty to version 4.1.130CVE-2025-58057High
lz4-java22Upgraded lz4-java from version 1.8.0 to version 1.10.1MultipleHigh
jose4jUpgraded jose4j from version 0.9.4 to version 0.9.6CVE-2024-29371High
Python23Upgraded Python from version 3.12.8 to version 3.12.11MultipleMultiple
node.js24Upgraded node.js from version 22.14.0 to version 22.22.0MultipleHigh
Apache Tika25See notesCVE-2025-66516Critical
docker-ce26Upgraded docker-ce from version 28.3.3-1 to version 29.1.5-1MultipleHigh
docker-compose-plugin27Upgraded docker-compose-plugin from version 2.39.1-1 to version 5.0.2-1MultipleHigh
containerd.io28Upgraded containerd.io from version 1.7.27-3.1 to version 2.2.1-1MultipleHigh
cri-dockerd29Compiled cri-dockerd version 0.3.22 with golang-go version 1.26.11MultipleMultiple
underscore.jsPatched version 1.8.3CVE-2021-23358High

1 Upgraded Apache Spark from version 3.5.5 to version 3.5.6 and removed hadoop in UBA 5.4.4 to remediate CVE-2022-3171, CVE-2022-3509, CVE-2022-3510, CVE-2020-24750, CVE-2020-14060, CVE-2020-36181, CVE-2020-9546, CVE-2018-14720, CVE-2020-36183, CVE-2020-24616, CVE-2019-17267, CVE-2018-14721, CVE-2019-16943, CVE-2019-17531, CVE-2020-36185, CVE-2019-10202, CVE-2020-8840, CVE-2019-12086, CVE-2017-15095, CVE-2020-36189, CVE-2020-36186, CVE-2020-25649, CVE-2020-14062, CVE-2020-35491, CVE-2018-14719, CVE-2020-36180, CVE-2019-14379, CVE-2021-20190, CVE-2020-14061, CVE-2020-36187, CVE-2020-36188, CVE-2018-19362, CVE-2019-14540, CVE-2019-14439, CVE-2019-14892, CVE-2017-17485, CVE-2020-9547, CVE-2020-14195, CVE-2019-14893, CVE-2020-36184, CVE-2020-11620, CVE-2019-16942, CVE-2020-9548, CVE-2017-7525, CVE-2020-10673, CVE-2018-5968, CVE-2018-19361, CVE-2020-36179, CVE-2020-35490, CVE-2018-19360, CVE-2020-36182, CVE-2018-14718, CVE-2018-7489, CVE-2019-10172, CVE-2020-11619, CVE-2019-16335, CVE-2019-20330, CVE-2023-2976, CVE-2024-29131, CVE-2022-42004, CVE-2022-42003, CVE-2023-1370, CVE-2023-44487, CVE-2022-25647, CVE-2024-25638, CVE-2024-47561, CVE-2023-39410, CVE-2022-46337, CVE-2019-0205, CVE-2019-0210, CVE-2020-13949 and CVE-2023-22946

2 Removed jackson-mapper in UBA 5.4.4 to remediate CVE-2020-36181, CVE-2020-36183, CVE-2020-36184, CVE-2020-36185, CVE-2020-36186, CVE-2020-36187, CVE-2020-36188, CVE-2020-36189 CVE-2020-36518, CVE-2022-42003, CVE-2022-42004

3 Upgraded jackson-databind from version 2.13.5 to version 2.16.2 in UBA 5.4.4 to remediate CVE-2017-15095, CVE-2017-17485, CVE-2017-7525, CVE-2018-11307, CVE-2018-12022, CVE-2018-12023, CVE-2018-14718, CVE-2018-14719, CVE-2018-14720, CVE-2018-14721, CVE-2018-19360, CVE-2018-19361, CVE-2018-19362, CVE-2018-5968, CVE-2018-7489, CVE-2019-12086, CVE-2019-14379, CVE-2019-14439, CVE-2019-14540, CVE-2019-14892, CVE-2019-14893, CVE-2019-16335, CVE-2019-17267, CVE-2019-17531, CVE-2019-20330, CVE-2020-10672, CVE-2020-10673, CVE-2020-11619, CVE-2020-11620, CVE-2020-14060, CVE-2020-14061, CVE-2020-14062, CVE-2020-14195, CVE-2020-24616, CVE-2020-24750, CVE-2020-25649, CVE-2020-35490, CVE-2020-35491, CVE-2020-36179, CVE-2020-36181, CVE-2020-36183, CVE-2020-36184, CVE-2020-36185, CVE-2020-36186, CVE-2020-36187, CVE-2020-36188, CVE-2020-36189, CVE-2020-36518, CVE-2020-8840, CVE-2020-9546, CVE-2020-9547, CVE-2020-9548, CVE-2021-20190, CVE-2022-42003, CVE-2020-10650 and CVE-2022-42004

4 Upgraded Hive from version 3.1.3 to version 4.0.1 in UBA 5.4.4 to remediate CVE-2017-7656, CVE-2017-7657, CVE-2017-7658, CVE-2019-16869 CVE-2019-20444, CVE-2019-20445, CVE-2021-28165, CVE-2021-37136 CVE-2021-37137, CVE-2023-44487, CVE-2022-3171, CVE-2022-3509, CVE-2022-3510, CVE-2021-35515, CVE-2021-35516, CVE-2021-35517, CVE-2021-36090 CVE-2022-40149, CVE-2022-40150, CVE-2023-39410, CVE-2023-2976, CVE-2023-34453, CVE-2023-34454, CVE-2023-34455, CVE-2023-3635, CVE-2023-43642, CVE-2024-1597, CVE-2024-13009, CVE-2024-21634, CVE-2024-29857, CVE-2024-36114 and CVE-2025-27553

5 Upgraded Apache Parquet Avro from version 1.11.2 to version 1.15.2 in UBA 5.4.4 to remediate CVE-2025-30065 and CVE-2025-46762

6 Upgraded idna from version 2.5-5 to version 2.5-7 in UBA 5.4.4 to remediate CVE-2024-3651

7 Upgraded urllib3 from version 1.26.18-2 to version 1.26.19-1 in UBA 5.4.4 to remediate CVE-2024-37891

8 Upgraded python3-requests from version 2.20.0 to version 2.32.4 in UBA 5.4.4 to remediate CVE-2024-35195 and CVE-2024-47081

9 Upgraded setuptools from version version 75.1.0 to version 80.9.0 in UBA 5.4.4 to remediate CVE-2025-47273

10 Upgraded OpenSSL from version 1.1.1k-12 to version 1.1.1k-14 in UBA 5.4.4 to remediate CVE-2024-5535, CVE-2020-1971, CVE-2022-3996, CVE-2023-0215, CVE-2023-0216, CVE-2023-0217, CVE-2023-0286, CVE-2023-0401, CVE-2023-4807, CVE-2024-12797 CVE-2022-4450, CVE-2020-36242

11 Upgraded compat-openssl10 from version 1.0.2o-4.el8_6 to version 1.0.2o-4.el8_10.1 in UBA 5.4.4 to remediate CVE-2024-5535

12 CVE-2024-55549 and CVE-2025-24855 does not affect UBA. However, out of an abundance of caution, Splunk upgraded it.

13 Upgraded redis from version 7.0.15 to version 7.2.11 in UBA 5.4.4 to remediate CVE-2025-49844

14 Upgraded postgresql-jdbc from version 42.7.5 to version 42.7.7 in UBA 5.4.4 to remedy CVE-2025-49146

15 Upgraded H2 Database from version 2.1.210 to version 2.2.220 in UBA 5.4.4 to remediate CVE-2022-45868

16 Upgraded protobuf python from version 4.25.5 to version 4.25.8 in kafka ingestion app in UBA 5.4.4 to remediate CVE-2025-4565

17 Upgraded Kubernetes from version 1.31.3 to version 1.31.11 in UBA 5.4.4 to remediate golang dependency CVEs CVE-2025-22871, CVE-2025-22869, CVE-2024-34158, CVE-2024-34156, CVE-2024-24791, CVE-2024-24790, CVE-2024-10220.

18 Upgraded xml-crypto from version 2.1.3 to version 2.1.6 in Zplex in UBA 5.4.4 to remediate CVE-2025-29775 and CVE-2025-29774

19 Upgraded Splunk Heavy forwarder from version 9.4.2 to version 10.0.0 in UBA 5.4.4 to remediate CVE-2025-22871, CVE-2022-3171, CVE-2022-3509, CVE-2022-3510, CVE-2024-34158, CVE-2024-34156, CVE-2018-20225, CVE-2025-22869, CVE-2024-45337, CVE-2025-30204, CVE-2022-40023, CVE-2024-47561, CVE-2024-6345, CVE-2025-47273, CVE-2022-23491, CVE-2023-37920, CVE-2023-4807, CVE-2022-4450, CVE-2023-0286, CVE-2023-0401, CVE-2020-36242, CVE-2022-3996, CVE-2023-50782, CVE-2023-0217, CVE-2023-49083, CVE-2023-0215, CVE-2023-0216, CVE-2024-45339, CVE-2025-30153

20 Upgraded OpenJDK to version 8u482 in UBA 5.4.5 to remedy CVE-2025-53057 and CVE-2025-53066.

21 Patched the transient dependency, netty, in Apache Zookeeper and Kafka, upgrading it to version 4.1.130 to remediate CVE-2025-58057

22 Upgraded lz4-java from version 1.8.0 to version 1.10.1 in UBA 5.4.5 to remediate CVE-2025-12183 and CVE-2025-66566

23 Upgraded Python from version 3.12.8 to version 3.12.11 in UBA 5.4.5 to remediate CVE-2024-0397, CVE-2024-12718, CVE-2024-7592, CVE-2025-0938, CVE-2025-1795, CVE-2025-4138, CVE-2025-4330, CVE-2025-4435, CVE-2025-4516, CVE-2025-4517, CVE-2025-6069, CVE-2025-8194

24 Upgraded node.js from version 22.14.0 to version 22.22.0 in UBA 5.4.5 to remedy CVE-2025-27210, CVE-2025-55131, CVE-2025-55130, and CVE-2025-59466. UBA 5.4.5 is not affected by CVE-2025-59464.

25 Manually patched Apache Tika version 2.3.0 by hardening XML parser and removing unused parser modules to remedy CVE-2025-66516 in UBA 5.4.5.

26 Upgraded docker-ce and related binaries from version version 28.3.3-1 to version 29.1.5-1 in UBA 5.4.5 to remedy CVE-2024-41110, CVE-2025-47907, CVE-2025-22868 and CVE-2025-22869 in bundled Go components.

27 Upgraded docker-compose-plugin from version 2.39.1-1 to version 5.0.2-1 in UBA 5.4.5 to remedy CVE-2025-47907, CVE-2025-22868 and CVE-2025-22869 in bundled Go components.

28 Upgraded containerd.io from version 1.7.27-3.1 to version 2.2.1-1 to remedy CVE-2025-47907, CVE-2025-22868 and CVE-2025-22869 in bundled Go components.

29 Compiled cri-dockered with golang-go version 1.26.11 in UBA 5.4.5 to remediate CVE-2023-44487, CVE-2023-5408, CVE-2024-10220, CVE-2024-24790, CVE-2024-24791, CVE-2024-34156, CVE-2024-34158, CVE-2024-45337, CVE-2024-5321, CVE-2025-22871, CVE-2025-31133, CVE-2025-4674, CVE-2025-47913, CVE-2025-52565, CVE-2025-52881, CVE-2025-58187, CVE-2025-58188, CVE-2025-61723, CVE-2025-61725, and CVE-2025-61729

Solution

Upgrade Splunk User Behavior Analytics to version 5.4.5, or higher.

Product Status

ProductBase VersionAffected VersionFix Version
Splunk User Behavior Analytics5.4Below 5.4.55.4.5

Severity

For the CVEs in this list, Splunk adopted the vendor’s severity rating or the National Vulnerability Database (NVD) common vulnerability scoring system (CVSS) rating, as available.