Third-Party Package Updates in Splunk DB Connect - February 2026
Advisory ID: SVD-2026-0212
CVE ID: Multiple
Published: 2026-02-18
Last Update: 2026-02-18
Description
Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk DB Connect version 4.2.0 including the following:
| Package | Remediation | CVE | Severity |
|---|---|---|---|
| qs | Upgraded to version 6.14.1 | CVE-2025-15284 | Low |
| urllib3 | Upgraded to version 2.6.3 | CVE-2026-21441 | High |
Solution
Upgrade Splunk DB Connect to versions 4.2.0 or higher.
Product Status
| Product | Base Version | Affected Version | Fix Version |
|---|---|---|---|
| Splunk DB Connect | 4.2 | Below 4.2.0 | 4.2.0 |
Severity
For the CVEs in this list, Splunk adopted the vendor’s severity rating or the National Vulnerability Database (NVD) common vulnerability scoring system (CVSS) rating, as available.