Vulnerabilities in Splunk

170 results
CVE-2026-20253 | CRITICAL | Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk Enterprise | EPSS 92.1% | KEV
CVE-2023-46214 | HIGH | Remote code execution (RCE) in Splunk Enterprise through Insecure XML Parsing | EPSS 89.1%
CVE-2023-32707 | HIGH | ‘edit_user’ Capability Privilege Escalation | EPSS 73.5%
CVE-2023-32714 | HIGH | Path Traversal in Splunk App for Lookup File Editing | EPSS 42.8%
CVE-2022-43568 | HIGH | Reflected Cross-Site Scripting via the radio template in Splunk Enterprise | EPSS 42.8%
CVE-2022-43571 | HIGH | Remote Code Execution through dashboard PDF generation component in Splunk Enterprise | EPSS 14.3%
CVE-2024-36991 | HIGH | Path Traversal on the “/modules/messaging/” endpoint in Splunk Enterprise on Windows | EPSS 13.1%
CVE-2025-20297 | MEDIUM | Reflected Cross-Site Scripting (XSS) on Splunk Enterprise through dashboard PDF generation component | EPSS 13.1%
CVE-2024-45741 | MEDIUM | Persistent Cross-Site Scripting (XSS) via props.conf on Splunk Enterprise | EPSS 12.9%
CVE-2025-20229 | HIGH | Remote Code Execution through file upload to “$SPLUNK_HOME/var/run/splunk/apptemp” directory in Splunk Enterprise | EPSS 11.8%
CVE-2024-36985 | HIGH | Remote Code Execution (RCE) through an external lookup due to “copybuckets.py” script in the “splunk_archiver” application in Splunk Enterprise | EPSS 6.5%
CVE-2026-20139 | MEDIUM | Client-Side Denial of Service (DoS) through “/splunkd/__raw/services/authentication/users/username” REST API endpoint in Splunk Enterprise | EPSS 5.1%
CVE-2026-20204 | HIGH | Improper Handling and Insufficient Isolation of Specific Temporary Files in Splunk Enterprise | EPSS 3.3%
CVE-2024-36984 | HIGH | Remote Code Execution through Serialized Session Payload in Splunk Enterprise on Windows | EPSS 1.4%
CVE-2022-26889 | HIGH | Path Traversal in search parameter results in external content injection | EPSS 1.3%
CVE-2022-43567 | HIGH | Remote Code Execution via the Splunk Secure Gateway application Mobile Alerts feature | EPSS 1.2%
CVE-2023-22934 | HIGH | SPL Command Safeguards Bypass via the ‘pivot’ SPL Command in Splunk Enterprise | EPSS 1.1%
CVE-2024-45733 | HIGH | Remote Code Execution (RCE) due to insecure session storage configuration in Splunk Enterprise on Windows | EPSS 1.1%
CVE-2024-53247 | HIGH | Remote Code Execution through Deserialization of Untrusted Data in Splunk Secure Gateway app | EPSS 1.1%
CVE-2023-22941 | MEDIUM | Improperly Formatted ‘INGEST_EVAL’ Parameter Crashes Splunk Daemon | EPSS 1.0%