CVE-2026-20255
Undergoing Analysis - In Progress
Stored XSS in Splunk Enterprise and Splunk Cloud Platform Dashboards

Publication date: 2026-06-10

Last updated on: 2026-06-10

Assigner: Cisco Systems, Inc.

Description
In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious classic dashboard that exfiltrates sensitive data to an external server. The vulnerability exists because URL validation on the external content dialog is incomplete, which can allow for requests to untrusted domains when a user interacts with a crafted dashboard.
Meta Information
Published: 2026-06-10
Last Modified: 2026-06-10
Generated: 2026-06-15
AI Q&A: 2026-06-10
EPSS Evaluated: 2026-06-14
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
splunk splunk_enterprise to 9.3.13 (exc)
splunk splunk_cloud_platform to 9.3.2411.132 (exc)
CWE ID Description
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Impact Analysis

This vulnerability can lead to the unauthorized exfiltration of sensitive data from your Splunk environment to external, untrusted servers.

Since a low-privileged user can exploit this issue by crafting a malicious dashboard, it increases the risk of data leakage without requiring high-level permissions.

The impact is significant because sensitive information could be exposed to attackers, potentially compromising confidentiality.

Detection Guidance

Splunk has not provided specific detection methods or commands for this vulnerability.

Mitigation Strategies

To mitigate the risk of this vulnerability, you should upgrade to the latest versions of Splunk Enterprise or Splunk Cloud Platform.

Alternatively, you can configure the Dashboards Trusted Domains List to restrict external domains.

You may also review and restrict dashboard creation permissions for roles to limit the ability of low-privileged users to craft malicious dashboards.
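As an added illustration (not Splunk's code and not part of this record), the check below shows what a trusted-domain allowlist for external content URLs has to do to be complete: compare the parsed host against the list rather than the raw string, so prefix, substring and userinfo look-alikes are rejected. The domain list and sample URLs are constructed; the allowlist stands in for the Dashboards Trusted Domains List.

```python
from urllib.parse import urlsplit

# Constructed sample allowlist: hostnames only, no schemes or paths.
TRUSTED_DOMAINS = {"cdn.example.com", "images.example.org"}


def is_trusted_external_url(url: str, trusted: set[str] = TRUSTED_DOMAINS) -> bool:
    """Return True only if the URL is HTTPS and its parsed host is a trusted
    domain or a subdomain of one. Checking the parsed host (not the raw
    string) defeats 'cdn.example.com.evil.test' and 'cdn.example.com@evil.test'."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:  # malformed netloc, e.g. bad IPv6 brackets
        return False
    if parts.scheme.lower() != "https":
        return False
    host = parts.hostname  # lower-cased; userinfo and port already stripped
    if not host:
        return False
    if host in trusted:
        return True
    # Subdomain match must include the dot, otherwise 'notcdn.example.com'
    # style prefixes would pass.
    return any(host.endswith("." + t) for t in trusted)


def untrusted_urls(urls: list[str], trusted: set[str] = TRUSTED_DOMAINS) -> list[str]:
    """Audit helper: return the external references from a dashboard that
    fail the allowlist check, so they can be reviewed or blocked."""
    return [u for u in urls if not is_trusted_external_url(u, trusted)]


if __name__ == "__main__":
    # Constructed references as they might appear in a classic dashboard.
    sample = [
        "https://cdn.example.com/logo.png",
        "https://assets.cdn.example.com/style.css",
        "https://cdn.example.com.evil.test/collect",
        "https://cdn.example.com@evil.test/collect",
        "http://cdn.example.com/logo.png",
    ]
    for u in untrusted_urls(sample):
        print("blocked:", u)
```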

Executive Summary

CVE-2026-20255 is a vulnerability in Splunk Enterprise and Splunk Cloud Platform that allows a low-privileged user, who does not have admin or power roles, to create a malicious classic dashboard.

This malicious dashboard can exfiltrate sensitive data to an external server because the URL validation on the external content dialog is incomplete. This flaw allows requests to untrusted domains when a user interacts with the crafted dashboard.

The vulnerability affects specific versions of Splunk Enterprise and Splunk Cloud Platform below certain version thresholds.

Compliance Impact

This vulnerability allows a low-privileged user to exfiltrate sensitive data to an external server by exploiting incomplete URL validation in Splunk dashboards.

Such unauthorized data exfiltration can lead to exposure of sensitive information, which may result in non-compliance with data protection regulations like GDPR and HIPAA that require strict controls over sensitive data access and transmission.

Therefore, organizations using affected versions of Splunk Enterprise or Splunk Cloud Platform could face compliance risks if this vulnerability is exploited.

Mitigation steps such as upgrading to fixed versions, restricting dashboard creation permissions, or configuring trusted domains can help reduce these compliance risks.
