Third-Party Package Updates in Splunk SOAR - June 2026
Advisory ID: SVD-2026-0612
CVE ID: Multiple
Published: 2026-06-10
Last Update: 2026-06-10
Description
Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk SOAR version 8.5.0, and higher.
| Package | Remediation | CVE | Severity |
|---|---|---|---|
| pyOpenSSL1 | Upgrade pyOpenSSL to version 26.0.0 | Multiple | Medium |
| pip2 | Upgrade pip to version 26.0.1 | Multiple | Medium |
| wheel3 | Upgrade wheel to version 0.46.2 | CVE-2026-24049 | High |
| pyasn14 | Upgrade pyasn1 to version 0.6.2 | CVE-2026-23490 | High |
| postgres5 | Upgrade postgres to version 15.15 | Multiple | Medium |
| filelock6 | Upgrade filelock to version 3.24.3 | Multiple | Medium |
1 Upgraded pyOpenSSL from version 24.3.0 to version 26.0.0 to remediate CVE-2026-27448 and CVE-2026-27459
2 Upgraded pip from version 25.0.1 to version 26.0.1 to remedy CVE-2025-8869 and CVE-2026-1703
3 Upgraded wheel from version 0.45.1 to version 0.46.2 to remedy CVE-2026-24049
4 Upgraded pyasn1 from version 0.6.1 to version 0.6.2 to remedy CVE-2026-23490
5 Upgraded postgres from version 15.14 to version 15.15 to remedy CVE-2025-12817 and CVE-2025-12818
6 Upgraded filelock from version 3.19.1 to version 3.24.3 at sorcery/dependencies/workspaces/platform/uv.lock to remedy CVE-2025-68146 and CVE-2026-22701
Solution
Upgrade Splunk SOAR to version 8.5.0, or higher.
Product Status
| Product | Base Version | Affected Version | Fix Version |
|---|---|---|---|
| Splunk SOAR | 8.5 | Below 8.5.0 | 8.5.0 |
Severity
For the CVEs in this list, Splunk adopted the vendor’s severity rating or the National Vulnerability Database (NVD) common vulnerability scoring system (CVSS) rating, as available.