CVE-2026-20144 - CERT CVE

  1. CVE-2026-20144

ID CVE-2026-20144
Sažetak In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.8, and 9.2.11, and Splunk Cloud Platform versions below 10.2.2510.0, 10.1.2507.11, 10.0.2503.9, and 9.3.2411.120, a user of a Splunk Search Head Cluster (SHC) deployment who holds a role with access to the the Splunk _internal index could view the Security Assertion Markup Language (SAML) configurations for Attribute query requests (AQRs) or Authentication extensions in plain text within the conf.log file, depending on which feature is configured.
Reference
CVSS
Base: 6.8
Impact: 5.9
Exploitability:0.9
Pristup
VektorSloženostAutentikacija
ADJACENT_NETWORK LOW HIGH
Impact
PovjerljivostCjelovitostDostupnost
HIGH HIGH HIGH
CVSS vektor CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Zadnje važnije ažuriranje 19-02-2026 - 15:53
Objavljeno 18-02-2026 - 18:24