Third-Party Package Updates in Splunk Universal Forwarder - March 2026
Advisory ID: SVD-2026-0314
CVE ID: Multiple
Published: 2026-03-18
Last Update: 2026-03-18
Description
Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk Universal Forwarder versions 10.2.1, 10.0.4, and higher.
| Package | Remediation | CVE | Severity |
|---|---|---|---|
| OpenSSL1 | Upgraded to versions 1.0.2zo and 3.0.19 | Multiple | High |
1 Upgraded OpenSSL to version 1.0.2zo to remedy CVE-2026-22796 atopt/splunkforwarder/lib/libcrypto.so.1.0.0, and /opt/splunkforwarder/lib/libssl.so.1.0.0 in Splunk Universal Forwarder versions 10.2.1 and 10.0.4. Upgraded OpenSSL to version 3.0.19 to remedy CVE-2025-15467, CVE-2026-22795 at /opt/splunkforwarder/bin/openssl in Splunk Universal Forwarder versions 10.2.1 and 10.0.4
Solution
Upgrade Splunk Universal Forwarder to versions 10.2.1, 10.0.4, or higher.
Product Status
| Product | Base Version | Affected Version | Fix Version |
|---|---|---|---|
| Splunk Universal Forwarder | 10.2 | Below 10.2.1 | 10.2.1 |
| Splunk Universal Forwarder | 10.0 | 10.0.0 to 10.0.3 | 10.0.4 |
Severity
For the CVEs in this list, Splunk adopted the vendor’s severity rating or the National Vulnerability Database (NVD) common vulnerability scoring system (CVSS) rating, as available.