Third-Party Package Updates in Splunk/Splunk Docker - May 2026
Advisory ID: SVD-2026-0501
CVE ID: Multiple
Published: 2026-05-13
Last Update: 2026-05-13
Description
Splunk remedied common vulnerabilities and exposures (CVEs) in third-party packages in the “splunk/splunk” Docker image with image tags 10.2.2, 10.0.5, 9.4.10, 9.3.11 and “latest”.
| Package | Remediation | CVE | Severity |
|---|---|---|---|
| ansible-core¹ | Upgraded to version 2.18.15 | Multiple | Medium |
| certifi² | Removed | CVE-2024-39689 | High |
| urllib3³ | Removed | Multiple | High |
| setuptools⁴ | Removed | Multiple | High |
| setuptools⁵ | Removed | Multiple | High |
| virtualenv⁶ | Removed | Multiple | High |
| braces⁷ | Removed | CVE-2024-4068 | High |
| aiohttp⁸ | Removed | Multiple | High |
| yaml⁹ | Removed | CVE-2023-2251 | High |
| cryptography¹⁰ | Removed | Multiple | High |

¹ Upgraded ansible-core from version 2.15.13 to version 2.18.15 to remedy CVE-2024-8775 and CVE-2024-11079.
² Removed digitalocean from the Ansible collections, eliminating the certifi dependency to remedy CVE-2024-39689.
³ Removed digitalocean from the Ansible collections, eliminating the urllib3 dependency to remedy CVE-2025-66471, CVE-2025-50181, CVE-2025-66418 and CVE-2026-21441.
⁴ Removed digitalocean and grafana from the Ansible collections, eliminating the setuptools dependency to remedy CVE-2024-6345 and CVE-2025-47273.
⁵ Removed digitalocean and grafana from the Ansible collections, eliminating the setuptools dependency to remedy CVE-2024-6345 and CVE-2025-47273.
⁶ Removed digitalocean from the Ansible collections, eliminating the virtualenv dependency to remedy CVE-2024-53899 and CVE-2026-22702.
⁷ Removed grafana from the Ansible collections, eliminating the braces dependency to remedy CVE-2024-4068.
⁸ Removed digitalocean from the Ansible collections, eliminating the aiohttp dependency to remedy CVE-2023-47627, CVE-2023-49081, CVE-2023-49082, CVE-2024-23334, CVE-2024-23829, CVE-2024-30251, CVE-2024-27306, CVE-2024-52304, CVE-2025-69223, CVE-2025-69225, CVE-2025-69226, CVE-2025-69227, CVE-2025-69228 and CVE-2025-69229.
⁹ Removed grafana from the Ansible collections, eliminating the yaml dependency to remedy CVE-2023-2251.
¹⁰ Removed digitalocean and grafana from the Ansible collections, eliminating the cryptography dependency to remedy CVE-2023-50782 and CVE-2024-26130.
Solution
Upgrade your Splunk Docker image to the most up-to-date version using the image with the tag “latest”.
Depending on your current image or container version, you can also upgrade using images with tags 10.2.2, 10.0.5, 9.4.10, 9.3.11, or higher.
Product Status
| Product | Base Version | Affected Version | Fix Version |
|---|---|---|---|
| splunk/splunk | 10.2 | 10.2.0 to 10.2.1 | 10.2.2 |
| splunk/splunk | 10.0 | 10.0.0 to 10.0.4 | 10.0.5 |
| splunk/splunk | 9.4 | 9.4.0 to 9.4.9 | 9.4.10 |
| splunk/splunk | 9.3 | 9.3.0 to 9.3.10 | 9.3.11 |
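
To check an inventory of image references against the Product Status table and the Solution above, the following added example (not Splunk's code) classifies each `splunk/splunk` tag as affected or fixed. The function names and the sample input are assumptions made for illustration; only the version ranges come from this advisory.

```shell
#!/bin/sh
# Added example (not Splunk's code). Version ranges come from the Product Status table.

# classify_splunk_image IMAGE_REF -> prints one of:
#   affected | fixed | unknown | not-listed | not-applicable
classify_splunk_image() {
    ref=$1
    case "$ref" in
        splunk/splunk:*|*/splunk/splunk:*) tag=${ref##*:} ;;
        # No tag (implies "latest") or a digest-only reference.
        splunk/splunk|*/splunk/splunk|splunk/splunk@*|*/splunk/splunk@*)
            echo unknown; return 0 ;;
        *) echo not-applicable; return 0 ;;
    esac
    # Accept only strict X.Y.Z tags. "latest" is mutable, so the tag alone
    # cannot show whether the local copy predates the fix.
    case "$tag" in
        *[!0-9.]*|*.*.*.*|.*|*.|*..*) echo unknown; return 0 ;;
        *.*.*) ;;
        *) echo unknown; return 0 ;;
    esac
    major=${tag%%.*}; rest=${tag#*.}
    minor=${rest%%.*}; patch=${rest#*.}
    # First fixed patch level for each base version in the advisory.
    case "$major.$minor" in
        10.2) fix=2 ;;
        10.0) fix=5 ;;
        9.4)  fix=10 ;;
        9.3)  fix=11 ;;
        *) echo not-listed; return 0 ;;
    esac
    # Integer comparison: a string comparison would rank 9.4.9 above 9.4.10.
    if [ "$patch" -lt "$fix" ]; then echo affected; else echo fixed; fi
}

# Classify image references read from stdin, one per line, e.g.
#   docker ps --format '{{.Image}}' | classify_stream
classify_stream() {
    while IFS= read -r img; do
        printf '%s\t%s\n' "$(classify_splunk_image "$img")" "$img"
    done
}

# Constructed sample input (not real inventory data).
classify_stream <<'EOF'
splunk/splunk:10.2.1
registry.example.internal:5000/splunk/splunk:9.4.10
splunk/splunk:latest
EOF
```

A result of `unknown` for `latest` means the image must be re-pulled or its actual version checked, since the tag does not record when it was fetched.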
Severity
For the CVEs in this list, Splunk adopted the National Vulnerability Database (NVD) Common Vulnerability Scoring System (CVSS) rating to align with industry standards.