CVE-2026-20202
Received Received - Intake
Improper Input Validation in Splunk Usernames Causes Account Issues

Publication date: 2026-04-15

Last updated on: 2026-04-17

Assigner: Cisco Systems, Inc.

Description
In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.6, 10.2.2510.10, 10.1.2507.20, 10.0.2503.13, and 9.3.2411.127, a user who holds a role that contains the high-privilege capability `edit_user`could create a specially crafted username that includes a null byte or a non-UTF-8 percent-encoded byte due to improper input validation.<br><br>This could lead to inconsistent conversion of usernames into a proper format for storage and account management inconsistencies, such as being unable to edit or delete affected users.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-15
Last Modified
2026-04-17
Generated
2026-06-16
AI Q&A
2026-04-15
EPSS Evaluated
2026-06-15
NVD
CVE-2026-20202
EUVD
EUVD-2026-22930
Affected Vendors & Products
Showing 9 associated CPEs
Vendor Product Version / Range
splunk splunk From 10.0.0 (inc) to 10.0.5 (exc)
splunk splunk From 9.3.0 (inc) to 9.3.11 (exc)
splunk splunk From 9.4.0 (inc) to 9.4.10 (exc)
splunk splunk From 10.2.0 (inc) to 10.2.2 (exc)
splunk splunk_cloud_platform From 10.0.2503 (inc) to 10.0.2503.13 (exc)
splunk splunk_cloud_platform From 10.1.2507 (inc) to 10.1.2507.20 (exc)
splunk splunk_cloud_platform From 10.2.2510 (inc) to 10.2.2510.10 (exc)
splunk splunk_cloud_platform From 10.3.2512 (inc) to 10.3.2512.6 (exc)
splunk splunk_cloud_platform From 9.3.2411 (inc) to 9.3.2411.127 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-176 The product does not properly handle when an input contains Unicode encoding.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability affects certain versions of Splunk Enterprise and Splunk Cloud Platform where a user with the high-privilege capability `edit_user` can create a username containing a null byte or a non-UTF-8 percent-encoded byte due to improper input validation.

Because of this improper validation, usernames may be inconsistently converted into a proper format for storage, which leads to account management issues such as being unable to edit or delete the affected user accounts.

Impact Analysis

The impact of this vulnerability is that user accounts created with specially crafted usernames may become inconsistent in the system, causing difficulties in managing these accounts.

  • Inability to edit affected user accounts.
  • Inability to delete affected user accounts.

This can lead to administrative challenges and potential security risks if problematic accounts cannot be properly managed or removed.

Detection Guidance

No detection methods or specific commands have been provided for this vulnerability.

Mitigation Strategies

The recommended immediate step to mitigate this vulnerability is to upgrade affected Splunk Enterprise and Splunk Cloud Platform versions to the fixed releases.

  • Upgrade Splunk Enterprise to version 10.2.2, 10.0.5, 9.4.10, or 9.3.11 or above.
  • Upgrade Splunk Cloud Platform to version 10.4.2603.0 or the respective fixed versions listed.

No other mitigations or workarounds are available.

Compliance Impact

The provided information does not specify how this vulnerability directly affects compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-20202. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart