Third-Party Package Updates in Splunk Enterprise - February 2026
Advisory ID: SVD-2026-0211
CVE ID: Multiple
Published: 2026-02-18
Last Update: 2026-02-18
Description
Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk Enterprise versions 10.0.3, 9.4.8, 9.3.9, 9.2.12, and higher.
| Package | Remediation | CVE | Severity |
|---|---|---|---|
| golang [1] | Upgraded to version 1.24.11 | Multiple | Critical |
| node.js [2] | See Notes | Multiple | High |
| node.js [3] | See Notes | Multiple | High |
| aiohttp [4] | Upgraded to version 3.12.14 | CVE-2025-53643 | High |
| OpenSSL [5] | Upgraded to versions 1.0.2zm and 3.0.18 | CVE-2025-9230 | High |
[1] Upgraded golang to version 1.24.11 at /opt/splunk/opt/packages/cmp-orchestrator to remedy CVE-2025-0913, CVE-2025-22871, CVE-2025-22874, CVE-2025-4673, CVE-2025-47906, CVE-2025-47907, CVE-2025-47912, CVE-2025-58183, CVE-2025-58185, CVE-2025-58186, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725 in Splunk Enterprise versions 10.2.0 and 10.0.3. The cmp-orchestrator binary is not present in Splunk Enterprise versions 9.4.x and 9.3.x.
[2] Upgraded node.js to version 20.19.4 to remedy CVE-2025-23166 in Splunk Enterprise version 10.0.3. Applied manual patches to remedy CVE-2025-27210 in Splunk Enterprise versions 9.4.7, 9.3.9, and 9.2.11. CVE-2025-23166 does not affect Splunk Enterprise versions 9.4.x, 9.3.x. CVE-2025-23166 does not affect Splunk Enterprise version 10.2.x because Splunk removed node.js in that version.
[3] Upgraded node.js to version 20.19.4 to remedy CVE-2025-23166 in Splunk Enterprise for Windows version 10.0.3. Applied manual patches to remedy CVE-2025-27210 in Splunk Enterprise for Windows versions 9.4.7, 9.3.9, and 9.2.11. CVE-2025-23166 does not affect Splunk Enterprise for Windows versions 9.4.x, 9.3.x. CVE-2025-23166 does not affect Splunk Enterprise for Windows version 10.2.x because Splunk removed node.js in that version.
[4] Upgraded aiohttp in Splunk Secure Gateway app to version 3.12.14 to remedy CVE-2025-53643. Fixed in Splunk Enterprise 10.0.3, 9.4.8, and 9.3.9, and Splunk Secure Gateway app versions 3.10.0, 3.9.15, and 3.8.62.
[5] Updated openssl to version 1.0.2zm at /opt/splunkforwarder/bin/openssl, /opt/splunkforwarder/lib/libcrypto.so.1.0.0, and /opt/splunkforwarder/lib/libssl.so.1.0.0 to remedy CVE-2025-9230 for versions 9.4.8 and 9.3.9. Upgraded openssl to version 3.0.18 at /opt/splunkforwarder/bin/openssl for versions 10.2.0 and 10.0.3.
Solution
Upgrade Splunk Enterprise to versions 10.0.3, 9.4.8, 9.3.9, 9.2.12, or higher.
Product Status
| Product | Base Version | Affected Version | Fix Version |
|---|---|---|---|
| Splunk Enterprise | 10.2 | Not Affected | 10.2.0 |
| Splunk Enterprise | 10.0 | 10.0.0 to 10.0.2 | 10.0.3 |
| Splunk Enterprise | 9.4 | 9.4.0 to 9.4.7 | 9.4.8 |
| Splunk Enterprise | 9.3 | 9.3.0 to 9.3.8 | 9.3.9 |
| Splunk Enterprise | 9.2 | 9.2.0 to 9.2.11 | 9.2.12 |
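The Product Status table can be applied to a fleet inventory with a numeric version comparison, since a plain string comparison misorders versions such as 9.3.10 and 9.3.9. The following is an added example, not code from Splunk or from this advisory; the host names, the inventory values and the function names are constructed for illustration.

```python
import re

# Fix version per release train, copied from the Product Status table.
# 10.2 is listed as Not Affected, so every 10.2.x release counts as fixed.
FIX_VERSIONS = {
    (10, 2): (10, 2, 0),
    (10, 0): (10, 0, 3),
    (9, 4): (9, 4, 8),
    (9, 3): (9, 3, 9),
    (9, 2): (9, 2, 12),
}

def parse_version(text):
    """Return (major, minor, patch) from strings like '9.4.7' or 'VERSION=9.4.7'."""
    match = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not match:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(part) for part in match.groups())

def triage(version_text):
    """Classify one Splunk Enterprise version against this advisory's table."""
    version = parse_version(version_text)
    fix = FIX_VERSIONS.get(version[:2])
    if fix is None:
        # The train is not in the table; the advisory makes no statement about it.
        return "not-listed"
    if version < fix:  # tuple comparison is numeric, so 9.2.11 < 9.2.12
        return "affected: upgrade to " + ".".join(str(n) for n in fix)
    return "fixed"

# Constructed sample inventory (hypothetical hosts and version strings).
INVENTORY = {
    "idx-01": "VERSION=9.4.7",
    "idx-02": "9.3.10",
    "sh-01": "10.0.2",
    "sh-02": "10.2.0",
    "hf-01": "9.1.5",
}

def report(inventory):
    """Map each host to its triage result."""
    return {host: triage(version) for host, version in inventory.items()}

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host}: {status}")
```

A "not-listed" result means only that the release train does not appear in this advisory's table, not that the installation is unaffected.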
Severity
For the CVEs in this list, Splunk adopted the vendor’s severity rating or the National Vulnerability Database (NVD) common vulnerability scoring system (CVSS) rating, as available.