Third-Party Package Updates in Splunk Universal Forwarder - May 2026
Advisory ID: SVD-2026-0506
CVE ID: Multiple
Published: 2026-05-20
Last Update: 2026-07-01
Description
Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk Universal Forwarder versions 9.4.11, and higher.
| Package | Remediation | CVE | Severity |
|---|---|---|---|
| rsync1 | Upgraded rsync to version 3.4.1 | Multiple | Critical |
1 Upgraded rsync to version 3.4.1 to remedy CVE-2024-12084, CVE-2024-12086, CVE-2024-12087, and CVE-2024-12088 in Splunk Universal Forwarder version 9.4.11 on Linux. Splunk Universal Forwarder for Windows and Splunk Universal Forwarder for macOS do not include rsync or rsync-ssl and are not affected. Splunk Universal Forwarder 10.2.x, 10.1.x, and 10.0.x do not include rsync.
Solution
Upgrade Splunk Universal Forwarder to versions 10.2.3, 10.0.6, 9.4.11, 9.3.12, or higher.
Product Status
| Product | Base Version | Affected Version | Fix Version |
|---|---|---|---|
| Splunk Universal Forwarder | 9.4 | 9.4.0 to 9.4.10 | 9.4.11 |
Severity
For the CVEs in this list, Splunk adopted the vendor’s severity rating or the National Vulnerability Database (NVD) common vulnerability scoring system (CVSS) rating, as available.
Changelog
- 2026-07-01: Updated advisory notes to reflect the affected Splunk Universal Forwarder versions.