CVE-2026-20162
Stored XSS via Path Traversal in Splunk Enterprise Views
Publication date: 2026-03-11
Last updated on: 2026-03-23
Assigner: Cisco Systems, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| splunk | splunk | From 10.0.0 (inc) to 10.0.3 (exc) |
| splunk | splunk | From 9.3.0 (inc) to 9.3.9 (exc) |
| splunk | splunk | From 9.4.0 (inc) to 9.4.9 (exc) |
| splunk | splunk_cloud_platform | From 9.3.2411 (inc) to 9.3.2411.123 (exc) |
| splunk | splunk_cloud_platform | From 10.0.2503 (inc) to 10.0.2503.11 (exc) |
| splunk | splunk_cloud_platform | From 10.1.2507 (inc) to 10.1.2507.15 (exc) |
| splunk | splunk_cloud_platform | From 10.2.2510 (inc) to 10.2.2510.4 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-20162 is a Stored Cross-Site Scripting (XSS) vulnerability found in certain versions of Splunk Enterprise and Splunk Cloud Platform. It occurs at the REST API endpoint /manager/launcher/data/ui/views/_new, where a low-privileged user without admin or power roles can create a malicious payload when creating a View. This payload exploits a path traversal vulnerability, which leads to the storage of malicious JavaScript code that executes in the browser of another user.
Exploitation requires the attacker to trick (phish) the victim into initiating a request in their browser. The vulnerability cannot be exploited arbitrarily by an authenticated user without user interaction.
How can this vulnerability impact me?
This vulnerability can lead to unauthorized execution of JavaScript code in the browser of a user, potentially allowing attackers to steal sensitive information, hijack user sessions, or perform actions on behalf of the victim within the Splunk environment.
Because the attack requires phishing and user interaction, the risk depends on the ability of an attacker to trick users into initiating malicious requests.
The CVSS score of 6.3 (Medium) reflects a network attack vector with low complexity and low privileges required, but with high confidentiality impact.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
No specific detection methods or commands for identifying this vulnerability on your network or system are provided in the available information.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should upgrade Splunk Enterprise to versions 10.2.0, 10.0.3, 9.4.9, or 9.3.9, or upgrade Splunk Cloud Platform to the corresponding fixed versions.
As a workaround, disabling Splunk Web can prevent exploitation of this vulnerability.
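An added helper for checking an inventory against the affected ranges in the table above. It is example code written for this page, not part of the record or of any Splunk tooling; the hostnames and versions in the sample inventory are constructed.

```python
"""Check whether Splunk Enterprise / Splunk Cloud Platform builds fall inside
the version ranges this CVE record lists as affected by CVE-2026-20162."""
import re

# Ranges copied from the record's "Affected Vendors & Products" table:
# (product, first affected version inclusive, first fixed version exclusive).
AFFECTED_RANGES = [
    ("splunk", "10.0.0", "10.0.3"),
    ("splunk", "9.3.0", "9.3.9"),
    ("splunk", "9.4.0", "9.4.9"),
    ("splunk_cloud_platform", "9.3.2411", "9.3.2411.123"),
    ("splunk_cloud_platform", "10.0.2503", "10.0.2503.11"),
    ("splunk_cloud_platform", "10.1.2507", "10.1.2507.15"),
    ("splunk_cloud_platform", "10.2.2510", "10.2.2510.4"),
]

def parse_version(version):
    """Turn '10.0.2503.11' into (10, 0, 2503, 11) so tuples compare numerically.
    A shorter tuple sorts before a longer one sharing its prefix, which is the
    ordering the table relies on (9.3.2411 < 9.3.2411.123)."""
    if not re.fullmatch(r"\d+(\.\d+)*", version):
        raise ValueError(f"unexpected version string: {version!r}")
    return tuple(int(part) for part in version.split("."))

def is_affected(product, version):
    """Return True when (product, version) lies in any listed [start, end) range."""
    v = parse_version(version)
    return any(
        parse_version(start) <= v < parse_version(end)
        for prod, start, end in AFFECTED_RANGES
        if prod == product
    )

def affected_hosts(inventory):
    """Filter (hostname, product, version) entries down to the affected hosts."""
    return [host for host, product, version in inventory
            if is_affected(product, version)]

# Constructed sample inventory (hostnames and versions are made up for illustration).
SAMPLE_INVENTORY = [
    ("sh-01", "splunk", "9.4.2"),
    ("sh-02", "splunk", "9.4.9"),
    ("idx-01", "splunk", "10.0.3"),
    ("stack-a", "splunk_cloud_platform", "10.0.2503.10"),
    ("stack-b", "splunk_cloud_platform", "10.0.2503.11"),
]

if __name__ == "__main__":
    for host in affected_hosts(SAMPLE_INVENTORY):
        print(f"{host}: affected by CVE-2026-20162, upgrade or disable Splunk Web")
```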