Improper Access Control in Splunk Enterprise

Advisory ID: SVD-2026-0609

CVE ID: CVE-2026-20259

Published: 2026-06-10

Last Update: 2026-06-10

CVSSv3.1 Score: 5.5, Medium

CVSSv3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N

CWE: CWE-284

Bug ID: VULN-58322

Description

In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.0, 10.3.2512.12, 10.2.2510.15, 10.1.2507.23, 10.0.2503.14, and 9.3.2411.131, a user who holds a Splunk role that contains the high-privilege capability edit_saved_search_owner could reassign saved search ownership to users outside their authorized scope. The ownership reassignment endpoint lacks access control.

See Manage saved searches and reports and Define roles on the Splunk platform with capabilities in the Splunk documentation for more information.

Solution

Upgrade Splunk Enterprise to versions 10.4.0, 10.2.4 and 10.0.7, or higher.

Splunk is actively monitoring and patching Splunk Cloud Platform instances.

Product Status

ProductBase VersionComponentAffected VersionFix Version
Splunk Enterprise10.4Splunk WebNot affected10.4.0
Splunk Enterprise10.2Splunk Web10.2.0 to 10.2.310.2.4
Splunk Enterprise10.0Splunk Web10.0.0 to 10.0.610.0.7
Splunk Enterprise9.4Splunk WebNot affectedN/A
Splunk Enterprise9.3Splunk WebNot affectedN/A
Splunk Cloud Platform10.4.2604.0Splunk WebNot affected10.4.2604.0
Splunk Cloud Platform10.3.2512Splunk WebBelow 10.3.2512.1210.3.2512.12
Splunk Cloud Platform10.2.2510Splunk WebBelow 10.2.2510.1510.2.2510.15
Splunk Cloud Platform10.1.2507Splunk WebBelow 10.1.2507.2310.1.2507.23
Splunk Cloud Platform10.0.2503Splunk WebBelow 10.0.2503.1410.0.2503.14
Splunk Cloud Platform9.3.2411Splunk WebBelow 9.3.2411.1319.3.2411.131

Mitigations and Workarounds

None

Detections

None

Severity

Splunk rates this vulnerability a 5.5, Medium, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N.

Acknowledgments

Andres Perez, Splunk