Third-Party Package Updates in Splunk Operator for Kubernetes Add-on - April 2026

Advisory ID: SVD-2026-0408

CVE ID:  Multiple

Published: 2026-04-15

Last Update: 2026-04-15

Description

Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk Operator for Kubernetes Add-on version 3.1.0, including the following:

PackageRemediationCVESeverity
golang1Upgraded golang to version 1.25.7MultipleCritical
golang.org/x/crypto2Upgraded golang.org/x/crypto to version 0.47.0MultipleHigh
GnuTLS3Upgraded GnuTLS from version gnutls-3.6.16-8.el8_10.3 to version gnutls-3.6.16-8.el8_10.4MultipleHigh
libssh4Upgraded libssh from version libssh-0.9.6-14.el8 to version libssh-0.9.6-16.el8_10MultipleHigh
glib25Upgraded glib2 from version glib2-2.56.4-166.el8_10 to version glib2-2.56.4-168.el8_10CVE-2025-13601High

1 Upgraded golang from version 1.24.2 to version 1.25.7 to remedy CVE-2025-68121, CVE-2025-61726, CVE-2025-61730, CVE-2025-4673, CVE-2025-0913, CVE-2025-22874, CVE-2025-61728.

2 Upgraded golang.org/x/crypto from version 0.39.0 to version 0.47.0 to remedy CVE-2025-47913, CVE-2025-47914, CVE-2025-58181.

3 Upgraded container base image ubi-minimal to version 8.10-1770223153 to remedy GnuTLS CVE-2025-32988, CVE-2025-6395, CVE-2025-32990.

4 Upgraded container base image ubi-minimal to version 8.10-1770223153 to remedy libssh CVE-2025-5372, CVE-2025-5318.

5 Upgraded container base image ubi-minimal to version 8.10-1770223153 to remedy glib2 CVE-2025-13601.

Solution

Upgrade Splunk Operator for Kubernetes Add-on to versions 3.1.0 or higher.

See Splunk Operator for Kubernetes releases

Product Status

ProductBase VersionAffected VersionFix Version
Splunk Operator for Kubernetes Add-on3.1Below 3.1.03.1.0

Severity

For the CVEs in this list, Splunk adopted the vendor’s severity rating or the National Vulnerability Database (NVD) common vulnerability scoring system (CVSS) rating, as available.