Third-Party Package Updates in Splunk AppDynamics Machine Agent - March 2026
Advisory ID: SVD-2026-0308
CVE ID: Multiple
Published: 2026-03-11
Last Update: 2026-03-11
Description
Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk AppDynamics Machine Agent version 26.1.0, and higher, including the following:
| Package | Remediation | CVE | Severity |
|---|---|---|---|
| apache-log4j | Upgraded to version 2.25.3 | CVE-2025-68161 | Medium |
| curl | Upgraded to version 8.17.0 | CVE-2025-9086 | High |
| logback-core | Upgraded to version 1.5.19 | CVE-2025-11226 | Medium |
| netty | Upgraded to version 4.1.129 | CVE-2025-67735 | Medium |
| netty-codec-smtp | Upgraded to version 4.1.129 | CVE-2025-59419 | Medium |
| openssl | Upgraded to version 3.0.18 | CVE-2025-9230 | High |
| python1 | Upgraded | Multiple | Medium |
| openjdk2 | Upgraded | Multiple | High |
1 Upgraded python from version 3.9.23-2 to version 3.9.25-3 to remedy CVE-2024-5642, CVE-2025-12084, CVE-2025-6075, CVE-2025-6069, and CVE-2025-8291.
2 Upgraded openjdk from version 17.0.17 to version 17.0.18 to remedy CVE-2026-21945, CVE-2026-21932, CVE-2026-21933, and CVE-2026-21925.
Solution
Upgrade Splunk AppDynamics Machine Agent to versions 26.1.0 or higher.
Product Status
| Product | Base Version | Affected Version | Fix Version |
|---|---|---|---|
| Splunk AppDynamics Machine Agent | 26.1 | Below 26.1.0 | 26.1.0 |
Severity
For the CVEs in this list, Splunk adopted the vendor’s severity rating or the National Vulnerability Database (NVD) common vulnerability scoring system (CVSS) rating, as available.