CVE-2026-20144

Published: Feb 18, 2026Modified: Feb 23, 2026

4.9

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.2 / Impact: 3.6

Source: NVD

Description

In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.8, and 9.2.11, and Splunk Cloud Platform versions below 10.2.2510.0, 10.1.2507.11, 10.0.2503.9, and 9.3.2411.120, a user of a Splunk Search Head Cluster (SHC) deployment who holds a role with access to the the Splunk _internal index could view the Security Assertion Markup Language (SAML) configurations for Attribute query requests (AQRs) or Authentication extensions in plain text within the conf.log file, depending on which feature is configured.

Affected (7)

Products: Splunk: Splunk, Splunk Cloud Platform

Splunk

2 products

Splunk

Splunk Cloud Platform

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Splunk Splunk	From 10.0.0 to 10.0.2
Splunk Splunk	From 9.2.0 to 9.2.11
Splunk Splunk	From 9.3.0 to 9.3.8
Splunk Splunk	From 9.4.0 to 9.4.7
Splunk Splunk Cloud Platform	From 10.0.2503 to 10.0.2503.9
Splunk Splunk Cloud Platform	From 10.1.2507 to 10.1.2507.11
Splunk Splunk Cloud Platform	From 9.3.2411 to 9.3.2411.120

Related CWEs

CWE-532

Insertion of Sensitive Information into Log File

Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

References (1)

https://advisory.splunk.com/advisories/SVD-2026-0209

Source: psirt@cisco.com

Vendor Advisory

Timeline

No history available yet.