Bypass of Splunk Enterprise's implementation of DUO MFA

Advisory ID: SVD-2022-0504

CVE ID: CVE-2021-26253

Published: 2022-05-03

Last Update: 2022-05-03

CVSSv3.1 Score: 8.1, High

CWE: CWE-287

Bug ID: SPL-172887


A potential vulnerability in Splunk Enterprise’s implementation of DUO MFA allows for bypassing the MFA verification in Splunk Enterprise versions before 8.1.6. The potential vulnerability impacts Splunk Enterprise instances configured to use DUO MFA and does not impact or affect a DUO product or service. For more information on securing Splunk Enterprise logins with DUO MFA, see About Multi Factor Auth.


Upgrade Splunk Enterprise instances using DUO MFA to 8.1.6 or later.

Product Status

ProductVersionComponentAffected VersionFix Version
Splunk Enterprise8.1-8.1.5 and earlier8.1.6
Splunk Enterprise8.2-Not affected-

The vulnerability does not impact Splunk Cloud Platform instances.


Sanket Bhimani