Third-Party Package Updates in Splunk Universal Forwarder - February 2026
Advisory ID: SVD-2026-0210
CVE ID: Multiple
Published: 2026-02-18
Last Update: 2026-02-18
Description
Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk Universal Forwarder versions 10.0.3, 9.4.8, 9.3.9, 9.2.12, and higher.
| Package | Remediation | CVE | Severity |
|---|---|---|---|
| openssl1 | Upgraded to versions 1.0.2zm and 3.0.18 | CVE-2025-9230 | Medium |
| node.js2 | See Notes | Multiple | High |
| node.js3 | See Notes | Multiple | High |
1 Updated openssl to version 1.0.2zm at /opt/splunkforwarder/bin/openssl, /opt/splunkforwarder/lib/libcrypto.so.1.0.0, and /opt/splunkforwarder/lib/libssl.so.1.0.0 to remedy CVE-2025-9230 for versions 9.4.8 and 9.3.9. Upgraded openssl to version 3.0.18 at /opt/splunkforwarder/bin/openssl for versions 10.2.0 and 10.0.3.
2 Upgraded node.js to version 20.19.4 to remedy CVE-2025-23166 in Splunk Enterprise version 10.0.3. Applied manual patches to remedy CVE-2025-27210 in Splunk Enterprise versions 9.4.7, 9.3.9, and 9.2.11. CVE-2025-23166 does not affect Splunk Enterprise versions 9.4.x, 9.3.x. CVE-2025-23166 does not affect Splunk Enterprise version 10.2.x because Splunk removed node.js in that version.
3 Upgraded node.js to version 20.19.4 to remedy CVE-2025-23166 in Splunk Enterprise for Windows version 10.0.3. Applied manual patches to remedy CVE-2025-27210 in Splunk Enterprise for Windows versions 9.4.7, 9.3.9, and 9.2.11. CVE-2025-23166 does not affect Splunk Enterprise for Windows versions 9.4.x, 9.3.x. CVE-2025-23166 does not affect Splunk Enterprise for Windows version 10.2.x because Splunk removed node.js in that version.
Solution
Upgrade Splunk Universal Forwarder to versions 10.0.3, 9.4.8, 9.3.9, 9.2.12, or higher.
Product Status
| Product | Base Version | Affected Version | Fix Version |
|---|---|---|---|
| Splunk Universal Forwarder | 10.0 | 10.0.0 to 10.0.2 | 10.0.3 |
| Splunk Universal Forwarder | 9.4 | 9.4.0 to 9.4.7 | 9.4.8 |
| Splunk Universal Forwarder | 9.3 | 9.3.0 to 9.3.8 | 9.3.9 |
| Splunk Universal Forwarder | 9.2 | 9.2.0 to 9.2.11 | 9.2.12 |
Severity
For the CVEs in this list, Splunk adopted the vendor’s severity rating or the National Vulnerability Database (NVD) common vulnerability scoring system (CVSS) rating, as available.