Third-Party Package Updates in Splunk AppDynamics On-Premises Enterprise Console - March 2026
Advisory ID: SVD-2026-0307
CVE ID: Multiple
Published: 2026-03-11
Last Update: 2026-03-11
Description
Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk AppDynamics On-Premises Enterprise Console version 26.1.1, and higher, including the following:
| Package | Remediation | CVE | Severity |
|---|---|---|---|
| tomcat1 | Updated | Multiple | Critical |
| golang2 | Upgraded | Multiple | High |
| gstreamer3 | Upgraded | Multiple | High |
| curl4 | Upgraded | Multiple | High |
| openssl5 | Upgraded | Multiple | High |
| nodemailer6 | Upgraded | Multiple | High |
| glib7 | Upgraded | Multiple | High |
| jose4j | Upgraded to version 0.9.6 | CVE-2024-29371 | High |
| aws-java-sdk-s3 | Upgraded to version 1.12.261 | CVE-2022-31159 | Medium |
| bouncycastle-fips | Upgraded to version 2.0.1 | CVE-2025-8885 | Medium |
| jsch | Upgraded to version 2.27.2 | CVE-2023-48795 | Medium |
| nimbus-jose-jwt | Upgraded to version 9.37.4 | CVE-2025-53864 | Medium |
| groovy | Upgraded to version 2.4.21 | CVE-2020-17521 | Medium |
| libarchive | Upgraded to version 3.8.2 | CVE-2025-60753 | Medium |
| netty-codec-smtp | Upgraded to version 4.2.7 | CVE-2025-59419 | Medium |
| js-yaml | Upgraded to version 4.1.1 | CVE-2025-64718 | Medium |
| mysql8 | Upgraded | Multiple | Medium |
| angular9 | Upgraded | Multiple | High |
1 Moved to a fixed version - 9.0.111, and removed other tomcat instances to remediate CVE-2025-24813, CVE-2024-52316, CVE-2025-31651, CVE-2024-50379, CVE-2024-56337, CVE-2025-55754, CVE-2025-48988, CVE-2024-23672, CVE-2025-55752, CVE-2024-34750, CVE-2024-38286, CVE-2025-52520, CVE-2025-49125, CVE-2024-24549, CVE-2025-48989, CVE-2023-44487, CVE-2025-53506, CVE-2025-46701, CVE-2025-55668, CVE-2024-54677, and CVE-2025-61795.
2 Upgraded golang from version 1.25.0 to version 1.25.3 to remedy CVE-2025-58187, CVE-2025-61725, CVE-2025-61723, CVE-2025-58188, CVE-2025-47910, CVE-2025-58189, CVE-2025-61724, CVE-2025-58186, CVE-2025-47912, CVE-2025-58185, and CVE-2025-58183.
3 Upgraded gstreamer from version 1.24.10 to version 1.26.5 to remedy CVE-2025-3887, CVE-2025-2759, CVE-2025-47808, CVE-2025-47807, CVE-2025-47806, and CVE-2025-47183.
4 Upgraded curl from version 8.14.1 to version 8.17.0 to remedy CVE-2025-9086, CVE-2025-10148, and CVE-2025-10966.
5 Upgraded multiple OpenSSL instances to versions 3.0.18 and 3.5.4 to remedy CVE-2025-9230 and CVE-2025-9232.
6 Upgraded nodemailer from version 6.8.0 to version 7.0.11 to remedy CVE-2025-13033 and CVE-2025-14874.
7 Upgraded glib from version 2.82.4 to version 2.84.3 to remedy CVE-2025-4056 and CVE-2025-3360.
8 Upgraded mysql from version 8.0.43 to version 8.0.45 to remedy CVE-2025-53040, CVE-2025-53042, CVE-2025-53044, CVE-2025-53045, CVE-2025-53053, CVE-2025-53054, CVE-2025-53062, and CVE-2025-53069.
9 Upgraded angular from version 1.9.3 to version 1.9.11 to remedy CVE-2024-21490, CVE-2023-26118, CVE-2025-0716, CVE-2024-8373, and CVE-2024-8372.
Solution
Upgrade Splunk AppDynamics On-Premises Enterprise Console to versions 26.1.1 or higher.
Product Status
| Product | Base Version | Affected Version | Fix Version |
|---|---|---|---|
| Splunk AppDynamics On-Premises Enterprise Console | 26.1 | Below 26.1.1 | 26.1.1 |
Severity
For the CVEs in this list, Splunk adopted the vendor’s severity rating or the National Vulnerability Database (NVD) common vulnerability scoring system (CVSS) rating, as available.