
Splunk Patches Multiple Vulnerabilities that Enable DOS Attacks and Expose Sensitive Data

Source: Cybersecurity News. Archived May 22, 2026.



By Abinaya, May 22, 2026

Splunk has released security updates addressing multiple vulnerabilities across Splunk Enterprise, Splunk Cloud Platform, and the Splunk AI Toolkit that could lead to denial-of-service (DoS) conditions and exposure of sensitive data. The issues, disclosed on May 20, 2026, include three tracked vulnerabilities: CVE-2026-20238, CVE-2026-20239, and CVE-2026-20240.

Splunk AI Toolkit Access Flaw (CVE-2026-20238)

A medium-severity flaw (CVSS 6.5) affects Splunk AI Toolkit versions below 5.7.3. The issue stems from improper access control caused by misconfigured role inheritance. Specifically, the toolkit modifies the default 'user' role using an authorize.conf file with a srchFilter entry. Because Splunk combines inherited search filters using the OR operator, this configuration can override more restrictive filters applied to custom roles. As a result, low-privileged users without 'admin' or 'power' roles may gain access to sensitive data that should be restricted.

Splunk has fixed this issue in version 5.7.3. As a temporary mitigation, organizations can disable the AI Toolkit or manually modify the authorize.conf file to remove or override the srchFilter setting. However, this workaround may expose the ai_agent_run_history_index to broader access, requiring additional restrictions.

Sensitive Data Exposure via Logs (CVE-2026-20239)

A high-severity vulnerability (CVSS 7.5) impacts Splunk Enterprise and Splunk Cloud Platform. The flaw is caused by improper output sanitization in the TcpChannel component, which logs the entire input/output buffer when socket errors occur. Attackers with access to the _internal index can retrieve sensitive information such as session cookies and HTTP response bodies from log files. This significantly increases the risk of credential theft and session hijacking.

Affected versions include:

- Splunk Enterprise below 10.2.2 and 10.0.5.
- Splunk Cloud Platform versions before multiple patched releases across supported branches.

Splunk recommends upgrading to the latest patched versions and restricting access to the _internal index to administrative roles only.

Denial-of-Service in Splunk Archiver (CVE-2026-20240)

Another high-severity issue (CVSS 7.1) affects the Splunk Archiver app due to improper input validation in the coldToFrozen.sh script. This script is used for managing data lifecycle transitions. A low-privileged user can exploit this flaw by supplying arbitrary file paths, allowing them to rename critical directories. This can render the Splunk instance inoperable, resulting in a denial-of-service condition.

The vulnerability affects multiple versions of Splunk Enterprise (before 10.2.2, 10.0.5, 9.4.11, and 9.3.12) and Splunk Cloud Platform deployments. Organizations are advised to apply patches immediately or turn off the Splunk Archiver app if it is not required. However, turning off the app may interrupt automated data archiving workflows.

Splunk strongly urges users to:

- Upgrade all affected components to the latest secure versions.
- Restrict access to sensitive indexes such as _internal.
- Review role-based access controls and inherited permissions.
- Disable vulnerable apps if patches cannot be applied immediately.

These vulnerabilities highlight the risks associated with misconfigured access controls, insufficient input validation, and insecure logging practices. Timely patching and proper configuration management remain critical to securing Splunk environments against exploitation.
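The OR-combination of inherited search filters described under CVE-2026-20238 can be audited offline. The script below is an added example, not Splunk's code or part of the original article: it parses a constructed authorize.conf, follows importRoles, and lists roles whose own srchFilter is widened by an inherited one. The sample roles and filter values are assumptions, and a role with no srchFilter is treated as contributing no term.

```python
import configparser

# Constructed authorize.conf (not from a real deployment). The filter values are
# placeholders; the page does not give the toolkit's actual srchFilter.
SAMPLE_CONF = """
[role_user]
srchFilter = index=app_history

[role_contractor]
importRoles = user
srchFilter = index=web host=dmz*

[role_auditor]
srchFilter = index=audit
"""

def load_roles(text):
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",), strict=False)
    cp.optionxform = str  # keep setting names such as srchFilter case-sensitive
    cp.read_string(text)
    return {s[5:]: dict(cp[s]) for s in cp.sections() if s.startswith("role_")}

def inherited_filters(roles, name, seen=None):
    """(role, srchFilter) pairs reachable from `name` through importRoles."""
    seen = {name} if seen is None else seen
    found = []
    for parent in roles.get(name, {}).get("importRoles", "").split(";"):
        parent = parent.strip()
        if not parent or parent in seen:
            continue  # skip blanks and inheritance cycles
        seen.add(parent)
        flt = roles.get(parent, {}).get("srchFilter", "").strip()
        if flt:
            found.append((parent, flt))
        found += inherited_filters(roles, parent, seen)
    return found

def effective_filter(roles, name):
    """Own filter OR-ed with inherited ones, per the article's description.
    Assumption: a role with no srchFilter contributes no term here."""
    own = roles[name].get("srchFilter", "").strip()
    terms = ([own] if own else []) + [f for _, f in inherited_filters(roles, name)]
    return " OR ".join(f"({t})" for t in terms)

def widened_roles(roles):
    """Roles whose own restrictive filter is OR-ed with an inherited one."""
    return {n: [p for p, _ in inherited_filters(roles, n)]
            for n, c in roles.items()
            if c.get("srchFilter", "").strip() and inherited_filters(roles, n)}

if __name__ == "__main__":
    roles = load_roles(SAMPLE_CONF)
    for role, parents in widened_roles(roles).items():
        print(f"{role}: widened by {parents} -> {effective_filter(roles, role)}")
```

Run against the merged configuration from every app, since a filter shipped in one app's authorize.conf changes the effective filter of roles defined elsewhere.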