Improper Access Control in Splunk Monitoring Console App
Advisory ID: SVD-2026-0206
CVE ID: CVE-2026-20141
Published: 2026-02-18
Last Update: 2026-02-18
CVSSv3.1 Score: 4.3, Medium
CVSSv3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CWE: CWE-200
Bug ID: VULN-47158
Description
In Splunk Enterprise versions below 10.0.2, 10.0.3, 9.4.8, and 9.3.9, a low-privileged user who does not hold the “admin” Splunk role could access the Splunk Monitoring Console App endpoints due to improper access control. This could lead to the disclosure of sensitive information.
The Monitoring Console app is a bundled app that comes with Splunk Enterprise. It is not available for download on Splunkbase and is not installed on Splunk Cloud Platform instances. This vulnerability does not affect Cloud Monitoring Console.
Solution
Upgrade Splunk Enterprise to versions 10.0.2, 10.0.3, 9.4.8, 9.3.9, or higher.
The vulnerability does not affect Splunk Cloud Platform instances.
Product Status
| Product | Base Version | Component | Affected Version | Fix Version |
|---|---|---|---|---|
| Splunk Enterprise | 10.2 | Splunk Monitoring Console | Not affected | 10.2.0 |
| Splunk Enterprise | 10.0 | Splunk Monitoring Console | 10.0.0 to 10.0.2 | 10.0.3 |
| Splunk Enterprise | 9.4 | Splunk Monitoring Console | 9.4.0 to 9.4.7 | 9.4.8 |
| Splunk Enterprise | 9.3 | Splunk Monitoring Console | 9.3.0 to 9.3.8 | 9.3.9 |
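To triage a fleet against the table above, the following added example (not part of the advisory and not Splunk code) classifies Splunk Enterprise version strings using the affected ranges and fix versions exactly as listed in the Product Status table. The hostnames and versions in the inventory are constructed, and the function names are hypothetical.

```python
import re

# Affected ranges transcribed from the advisory's Product Status table:
# base version -> (first affected, last affected, fix version).
AFFECTED = {
    (10, 0): ((10, 0, 0), (10, 0, 2), "10.0.3"),
    (9, 4): ((9, 4, 0), (9, 4, 7), "9.4.8"),
    (9, 3): ((9, 3, 0), (9, 3, 8), "9.3.9"),
}
NOT_AFFECTED_BASES = {(10, 2)}  # listed in the table as "Not affected"


def parse_version(text):
    """Parse the leading 'X.Y.Z' of a version string into an integer tuple."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognized version string: {text!r}")
    return tuple(int(p) for p in m.groups())


def triage(version_text):
    """Return (status, detail) for one Splunk Enterprise version string."""
    v = parse_version(version_text)
    base = v[:2]
    if base in NOT_AFFECTED_BASES:
        return ("not affected", "base version listed as not affected")
    if base not in AFFECTED:
        # The table makes no statement about this release line.
        return ("not listed", "base version absent from Product Status table")
    first, last, fix = AFFECTED[base]
    if first <= v <= last:
        return ("affected", f"upgrade to {fix} or higher")
    return ("fixed", f"at or above {fix}")


# Constructed inventory (hostnames and versions are made up for illustration).
INVENTORY = {"sh01": "9.4.7", "idx01": "9.3.9", "mc01": "10.0.2",
             "hf01": "10.2.0", "old01": "9.2.5"}


def report(inventory):
    """Map each host to its triage status."""
    return {host: triage(ver)[0] for host, ver in sorted(inventory.items())}


if __name__ == "__main__":
    for host, ver in sorted(INVENTORY.items()):
        status, detail = triage(ver)
        print(f"{host:6} {ver:8} {status:12} {detail}")
```

Hosts reported as "not listed" run a release line the table does not cover and need a manual decision.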
Mitigations and Workarounds
None
Detections
None
Severity
Splunk rates this vulnerability a 4.3, Medium, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N.
Acknowledgments
Mohammad Fahad Khan (fahadkhan01)