Third-Party Package Updates in Splunk IT Service Intelligence (ITSI) - April 2026
Advisory ID: SVD-2026-0406
CVE ID: Multiple
Published: 2026-04-15
Last Update: 2026-04-15
Description
Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in the Splunk IT Service Intelligence (ITSI) app version 4.21.2 including the following:
| Package | Remediation | CVE | Severity |
|---|---|---|---|
| nats-server1 | Upgraded nats-server to version 2.12.4 | Multiple | Critical |
| netty-codec2 | Upgraded netty-codec to version 4.1.125 | Multiple | High |
| netty-handler3 | Upgraded netty-handler to version 4.1.118 | CVE-2025-24970 | High |
1 Upgraded nats-server to version 2.12.4 to remedy CVE-2025-22871, CVE-2025-61725, CVE-2025-61723, CVE-2025-58188, CVE-2025-58187, CVE-2025-47907, CVE-2025-4674 and CVE-2025-22874
2 Upgraded netty-codec to version 4.1.125 to remedy CVE-2025-58056 and CVE-2025-58057
3 Upgraded netty-handler to version 4.1.118 to remedy CVE-2025-24970
Solution
Upgrade IT Service Intelligence (ITSI) app to versions 4.21.2, or higher.
Product Status
| Product | Base Version | Affected Version | Fix Version |
|---|---|---|---|
| Splunk IT Service Intelligence (ITSI) | 4.21 | Below 4.21.2 | 4.21.2 |
Severity
For the CVEs in this list, Splunk adopted the vendor’s severity rating or the National Vulnerability Database (NVD) common vulnerability scoring system (CVSS) rating, as available.