Third-Party Package Updates in Splunk AppDynamics Analytics Agent - March 2026
Advisory ID: SVD-2026-0313
CVE ID: Multiple
Published: 2026-03-11
Last Update: 2026-03-11
Description
Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk AppDynamics Analytics Agent version 26.1.0, and higher, including the following:
| Package | Remediation | CVE | Severity |
|---|---|---|---|
| netty / netty-codec / netty-codec-http1 | Upgraded | Multiple | High |
| aws-java-sdk-s3 | Upgraded to version 1.12.261 | CVE-2022-31159 | Medium |
| bouncycastle-fips | Upgraded to version 1.0.2.6 | CVE-2025-8885 | Medium |
| elasticsearch | Upgraded to version 8.19.5 | CVE-2025-37727 | Medium |
| groovy | Upgraded to version 2.4.21 | CVE-2020-17521 | Medium |
1 Upgraded the netty, netty-codec and netty-codec-http packages, from version 4.1.118 to version 4.1.126 to remedy CVE-2025-55163, CVE-2025-58056, and CVE-2025-58057.
Solution
Upgrade Splunk AppDynamics Analytics Agent to versions 26.1.0 or higher.
Product Status
| Product | Base Version | Affected Version | Fix Version |
|---|---|---|---|
| Splunk AppDynamics Analytics Agent | 26.1 | Below 26.1.0 | 26.1.0 |
Severity
For the CVEs in this list, Splunk adopted the vendor’s severity rating or the National Vulnerability Database (NVD) common vulnerability scoring system (CVSS) rating, as available.