Third-Party Package Updates in Splunk SOAR - February 2026
Advisory ID: SVD-2026-0201
CVE ID: Multiple
Published: 2026-02-04
Last Update: 2026-02-04
Description
Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk SOAR version 7.1.0.
| Package | Remediation | CVE | Severity |
|---|---|---|---|
| sha.js | Upgraded to v2.4.12 | CVE-2025-9288 | Critical |
| cipher-base | Upgraded to v1.0.5 | CVE-2025-9287 | Critical |
| jspdf | Upgraded to v3.0.2 | CVE-2025-57810 | High |
| postgresql1 | Upgraded to v15.4 | Multiple | High |
| django | Upgraded to v4.2.22 | CVE-2025-32873 | Medium |
| brace-expansion | Upgraded to v2.0.2 | CVE-2025-5889 | Low |
| requests | Upgraded to v2.32.4 | CVE-2024-47081 | Medium |
| tornado | Upgraded to v6.5.2 | CVE-2025-47287 | High |
1 Upgraded posgresql to v15.4 to remediate CVE-2025-8715, CVE-2025-8714 and CVE-2025-8713
Solution
Upgrade Splunk SOAR to versions 7.1.0 or higher.
Product Status
| Product | Base Version | Affected Version | Fix Version |
|---|---|---|---|
| Splunk SOAR | 7.1 | Below 7.1.0 | 7.1.0 |
Severity
For the CVEs in this list, Splunk adopted the vendor’s severity rating or the National Vulnerability Database (NVD) common vulnerability scoring system (CVSS) rating, as available.