Third-Party Package Updates in Splunk Universal Forwarder - February 2026
Advisory ID: SVD-2026-0210
CVE ID: Multiple
Published: 2026-02-18
Last Update: 2026-02-18
Description
Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk Universal Forwarder versions 10.0.3, 9.4.8, 9.3.9, 9.2.12, and higher.
| Package | Remediation | CVE | Severity |
|---|---|---|---|
| openssl1 | Upgraded to versions 1.0.2zm and 3.0.18 | CVE-2025-9230 | Medium |
1 Updated openssl to version 1.0.2zm at /opt/splunkforwarder/bin/openssl, /opt/splunkforwarder/lib/libcrypto.so.1.0.0, and /opt/splunkforwarder/lib/libssl.so.1.0.0 to remedy CVE-2025-9230 for versions 9.4.8 and 9.3.9. Upgraded openssl to version 3.0.18 at /opt/splunkforwarder/bin/openssl for versions 10.2.0 and 10.0.3.
Solution
Upgrade Splunk Universal Forwarder to versions 10.0.3, 9.4.8, 9.3.9, 9.2.12, or higher.
Product Status
| Product | Base Version | Affected Version | Fix Version |
|---|---|---|---|
| Splunk Universal Forwarder | 10.0 | 10.0.0 to 10.0.2 | 10.0.3 |
| Splunk Universal Forwarder | 9.4 | 9.4.0 to 9.4.7 | 9.4.8 |
| Splunk Universal Forwarder | 9.3 | 9.3.0 to 9.3.8 | 9.3.9 |
| Splunk Universal Forwarder | 9.2 | 9.2.0 to 9.2.11 | 9.2.12 |
Severity
For the CVEs in this list, Splunk adopted the vendor’s severity rating or the National Vulnerability Database (NVD) common vulnerability scoring system (CVSS) rating, as available.
Changelog
- 2026-02-18: Removed the node.js component from the advisory