CVE-2026-20202
Received Received - Intake
Improper Input Validation in Splunk Usernames Causes Account Issues

Publication date: 2026-04-15

Last updated on: 2026-04-17

Assigner: Cisco Systems, Inc.

Description
In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.6, 10.2.2510.10, 10.1.2507.20, 10.0.2503.13, and 9.3.2411.127, a user who holds a role that contains the high-privilege capability `edit_user`could create a specially crafted username that includes a null byte or a non-UTF-8 percent-encoded byte due to improper input validation.<br><br>This could lead to inconsistent conversion of usernames into a proper format for storage and account management inconsistencies, such as being unable to edit or delete affected users.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-15
Last Modified
2026-04-17
Generated
2026-05-07
AI Q&A
2026-04-15
EPSS Evaluated
2026-05-05
NVD
CVE-2026-20202
EUVD
EUVD-2026-22930
Affected Vendors & Products
Showing 9 associated CPEs
Vendor Product Version / Range
splunk splunk From 10.0.0 (inc) to 10.0.5 (exc)
splunk splunk From 9.3.0 (inc) to 9.3.11 (exc)
splunk splunk From 9.4.0 (inc) to 9.4.10 (exc)
splunk splunk From 10.2.0 (inc) to 10.2.2 (exc)
splunk splunk_cloud_platform From 10.0.2503 (inc) to 10.0.2503.13 (exc)
splunk splunk_cloud_platform From 10.1.2507 (inc) to 10.1.2507.20 (exc)
splunk splunk_cloud_platform From 10.2.2510 (inc) to 10.2.2510.10 (exc)
splunk splunk_cloud_platform From 10.3.2512 (inc) to 10.3.2512.6 (exc)
splunk splunk_cloud_platform From 9.3.2411 (inc) to 9.3.2411.127 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-176 The product does not properly handle when an input contains Unicode encoding.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability affects certain versions of Splunk Enterprise and Splunk Cloud Platform where a user with the high-privilege capability `edit_user` can create a username containing a null byte or a non-UTF-8 percent-encoded byte due to improper input validation.

Because of this improper validation, usernames may be inconsistently converted into a proper format for storage, which leads to account management issues such as being unable to edit or delete the affected user accounts.


How can this vulnerability impact me? :

The impact of this vulnerability is that user accounts created with specially crafted usernames may become inconsistent in the system, causing difficulties in managing these accounts.

  • Inability to edit affected user accounts.
  • Inability to delete affected user accounts.

This can lead to administrative challenges and potential security risks if problematic accounts cannot be properly managed or removed.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

No detection methods or specific commands have been provided for this vulnerability.


What immediate steps should I take to mitigate this vulnerability?

The recommended immediate step to mitigate this vulnerability is to upgrade affected Splunk Enterprise and Splunk Cloud Platform versions to the fixed releases.

  • Upgrade Splunk Enterprise to version 10.2.2, 10.0.5, 9.4.10, or 9.3.11 or above.
  • Upgrade Splunk Cloud Platform to version 10.4.2603.0 or the respective fixed versions listed.

No other mitigations or workarounds are available.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

The provided information does not specify how this vulnerability directly affects compliance with common standards and regulations such as GDPR or HIPAA.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart