← back
CVE-2026-20165

Sensitive Information Disclosure in MongoClient logging channel in Splunk Enterprise

CVSS 6.3 MEDIUMEPSS 0.2%CWE-532
In Splunk Enterprise versions below 10.2.1, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.7, 10.1.2507.17, 10.0.2503.12, and 9.3.2411.124, a low-privileged user that does not hold the "admin" or "power" Splunk roles could retrieve sensitive information by inspecting the job's search log due to improper access control in the MongoClient logging channel.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Affected products
Splunk · Splunk Cloud PlatformSplunk · Splunk Enterprise

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://advisory.splunk.com/advisories/SVD-2026-0304