Third-Party Package Updates in Splunk AppDynamics Private Synthetic Agent - March 2026
Advisory ID: SVD-2026-0309
CVE ID: Multiple
Published: 2026-03-11
Last Update: 2026-03-11
Description
Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk AppDynamics Private Synthetic Agent version 26.1.0, and higher, including the following:
| Package | Remediation | CVE | Severity |
|---|---|---|---|
| glib1 | Upgraded | Multiple | Critical |
| openexr2 | Removed | Multiple | Critical |
| systemd3 | Removed | Multiple | High |
| chromium4 | Upgraded | Multiple | High |
| ffmpeg5 | Upgraded | Multiple | High |
| gnutls6 | Upgraded | Multiple | High |
| openssl7 | Upgraded | CVE-2025-9230 | High |
| crossbeam-channel | Upgraded to version 0.5.15 | CVE-2025-4574 | Medium |
| c-ares | Upgraded to version 1.34.6 | CVE-2025-62408 | Medium |
| libssh | Upgraded to version 0.11.3 | CVE-2025-8114 | Medium |
1 Upgraded glib from version 2.84.4 to version 2.86.3 to remedy CVE-2025-13601, CVE-2025-14087, and CVE-2025-14512.
2 Removed openexr to remedy CVE-2025-12495, CVE-2025-12839, CVE-2025-12840, CVE-2025-48071, CVE-2025-48072, CVE-2025-48073, CVE-2025-48074, CVE-2025-64181, CVE-2025-64182, CVE-2025-64183, and CVE-2026-26981.
3 Removed systemd to remedy CVE-2012-0871, CVE-2013-4327, CVE-2013-4391, CVE-2013-4392, CVE-2013-4393, CVE-2013-4394, CVE-2016-7795, CVE-2017-18078, CVE-2017-9217, CVE-2018-1049, CVE-2018-15686, CVE-2018-15688, CVE-2018-16864, CVE-2018-16865, CVE-2018-16888, CVE-2018-6954, CVE-2019-20386, CVE-2019-3842, CVE-2019-3843, CVE-2019-3844, CVE-2020-13776, CVE-2020-1712, CVE-2021-33910, CVE-2022-3821, CVE-2023-26604, and CVE-2025-4598.
4 Upgraded chromium from version 140.0.7339.207 to version 143.0.7499.40 to remedy CVE-2025-11205, CVE-2025-11206, CVE-2025-11207, CVE-2025-11208, CVE-2025-11209, CVE-2025-11210, CVE-2025-11211, CVE-2025-11212, CVE-2025-11213, CVE-2025-11215, CVE-2025-11216, CVE-2025-11219, CVE-2025-11458, CVE-2025-11460, CVE-2025-11756, CVE-2025-12036, CVE-2025-12428, CVE-2025-12429, CVE-2025-12430, CVE-2025-12431, CVE-2025-12432, CVE-2025-12433, CVE-2025-12434, CVE-2025-12435, CVE-2025-12436, CVE-2025-12437, CVE-2025-12438, CVE-2025-12439, CVE-2025-12440, CVE-2025-12441, CVE-2025-12443, CVE-2025-12444, CVE-2025-12445, CVE-2025-12446, CVE-2025-12447, CVE-2025-12725, CVE-2025-12726, CVE-2025-12727, CVE-2025-12728, CVE-2025-12729, CVE-2025-13042, CVE-2025-13223, CVE-2025-13224, CVE-2025-13226, CVE-2025-13227, CVE-2025-13228, CVE-2025-13229, and CVE-2025-13230.
5 Upgraded ffmpeg from version 6.1.2 to version 8.0.1 to remedy CVE-2023-49501, CVE-2023-6601, CVE-2023-6602, CVE-2023-6604, CVE-2023-6605, CVE-2025-0518, CVE-2025-10256, CVE-2025-1594, CVE-2025-22919, CVE-2025-59729, CVE-2025-59730, and CVE-2025-9951.
6 Upgraded gnutls from version 3.8.8 to version 3.8.11 to remedy CVE-2024-12243, CVE-2025-32988, CVE-2025-32989, CVE-2025-32990, CVE-2025-6395, and CVE-2025-9820.
7 Upgraded multiple instances to the fixed versions - 1.1.1zd / 3.0.18 / 3.5.4, in order to remediate the CVE.
Solution
Upgrade Splunk AppDynamics Private Synthetic Agent to versions 26.1.0 or higher.
Product Status
| Product | Base Version | Affected Version | Fix Version |
|---|---|---|---|
| Splunk AppDynamics Private Synthetic Agent | 26.1 | Below 26.1.0 | 26.1.0 |
Severity
For the CVEs in this list, Splunk adopted the vendor’s severity rating or the National Vulnerability Database (NVD) common vulnerability scoring system (CVSS) rating, as available.