
Multiple Splunk Enterprise Vulnerabilities Allow Attackers to Execute Malicious Script - CyberSecurityNews

CyberSecurityNews Archived Jun 19, 2026 ✓ Full text saved



By Abinaya, June 11, 2026

Multiple high and critical vulnerabilities in Splunk Enterprise could allow attackers to execute malicious scripts, exfiltrate sensitive data, and perform unauthorized file operations, according to a series of security advisories released on June 10, 2026.

The most severe flaw, tracked as CVE-2026-20253, carries a CVSS score of 9.8 and affects Splunk Enterprise versions below 10.2.4 and 10.0.7. The issue stems from missing authentication controls in a PostgreSQL sidecar service endpoint, allowing unauthenticated attackers to create or truncate arbitrary files. This could lead to full system compromise, data destruction, or the persistence of malicious code without requiring user interaction.

Another high-severity vulnerability, CVE-2026-20258 (CVSS 7.1), involves stored cross-site scripting (XSS) in classic dashboards. A low-privileged user can inject malicious JavaScript into dashboard HTML panels, which executes in the victim’s browser when they view the dashboard. However, exploitation requires social engineering, as attackers must trick users into opening a crafted request.

Splunk also addressed a server-side request forgery (SSRF) vulnerability, CVE-2026-20252 (CVSS 7.6), in the Dashboard Studio PDF export feature. The flaw allows attackers to send requests to internal systems by bypassing domain validation using crafted subdomains or redirect chains, which could expose internal services or sensitive data.

Several medium-severity vulnerabilities (CVE-2026-20254, CVE-2026-20255, CVE-2026-20256, and CVE-2026-20257) affect classic dashboards and stem from improper input validation. These issues enable data exfiltration via CSS injection, protocol-relative URLs, and insufficient validation of external content.
In these scenarios, attackers with low privileges can craft malicious dashboards that extract sensitive data when accessed by higher-privileged users.

| CVE ID | Severity | Vulnerability | Impact |
|---|---|---|---|
| CVE-2026-20258 | High (7.1) | Stored XSS in Classic Dashboard HTML panel | Arbitrary JavaScript execution in victim browser |
| CVE-2026-20257 | Medium (5.7) | CSS input validation flaw | Data exfiltration to external domains |
| CVE-2026-20256 | Medium (5.7) | Protocol-relative URL validation flaw | Redirect-based data exfiltration |
| CVE-2026-20255 | Medium (5.7) | External content dialog validation flaw | Data exfiltration to untrusted domains |
| CVE-2026-20254 | Medium (5.7) | CSS restriction bypass | Credential and data exfiltration |
| CVE-2026-20253 | Critical (9.8) | Unauthenticated file creation/truncation | Full compromise of affected systems |
| CVE-2026-20252 | High (7.6) | SSRF in Dashboard Studio PDF export | Access to internal resources and data exposure |

For example, an attacker could create a dashboard containing a hidden request to an external server. When an administrator views the dashboard, sensitive session data or tokens could be silently transmitted to the attacker-controlled domain.

All vulnerabilities primarily impact Splunk Web components and require some level of user interaction or misconfiguration, such as enabling embeddable HTML content or insufficiently restricting trusted domains.

Splunk has released patches addressing these issues across supported versions. Users are advised to upgrade to Splunk Enterprise 10.4.0, 10.2.4, 10.0.7, 9.4.12, or 9.3.13, and to the corresponding Splunk Cloud Platform versions.

As mitigations, organizations should disable Splunk Web when not required, restrict dashboard-creation permissions, and enforce strict trusted-domain policies. Keeping the setting “dashboard_html_allow_embeddable_content” disabled also reduces the risk of XSS exploitation.
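A triage helper for the upgrade and configuration advice above, added here as an example and not taken from the article or from Splunk. It compares an instance's version with the fixed releases the article lists and reports whether dashboard_html_allow_embeddable_content is enabled. It assumes the setting sits in the [settings] stanza of web.conf, that the configuration text passed in is the merged view for the instance, and the boolean spellings shown; the function names are hypothetical.

```python
import re

# Fixed releases listed in the article, keyed by (major, minor) release line.
FIXED = {(10, 4): (10, 4, 0), (10, 2): (10, 2, 4), (10, 0): (10, 0, 7),
         (9, 4): (9, 4, 12), (9, 3): (9, 3, 13)}
SETTING = "dashboard_html_allow_embeddable_content"  # name as given in the article
STANZA = "settings"  # assumption: the key lives in web.conf under [settings]
FALSE_VALUES = {"0", "false", "f", "no", "n"}  # assumed boolean spellings

def patch_status(version):
    """Return 'patched', 'vulnerable' or 'unlisted' for an X.Y.Z version string."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"not an X.Y.Z version: {version!r}")
    v = tuple(int(p) for p in m.groups())
    fixed = FIXED.get(v[:2])
    if fixed is None:
        return "unlisted"  # release line not named in the article: check the advisory
    return "patched" if v >= fixed else "vulnerable"

def embeddable_content_state(conf_text):
    """Return 'enabled', 'disabled' or 'unset' for SETTING in the assumed stanza."""
    stanza, state = None, "unset"
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            stanza = line[1:-1].strip()
        elif stanza == STANZA and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key == SETTING:
                # Anything not explicitly false is reported as enabled (fail closed).
                state = "disabled" if value.lower() in FALSE_VALUES else "enabled"
    return state

def triage(version, conf_text):
    """Combine both checks into a list of findings for one instance."""
    findings = []
    status = patch_status(version)
    if status != "patched":
        findings.append(f"version {version}: {status}")
    if embeddable_content_state(conf_text) == "enabled":
        findings.append(f"{SETTING} is enabled")
    return findings

# Constructed sample configuration, not taken from a real deployment.
SAMPLE_CONF = "[settings]\nhttpport = 8000\n" + SETTING + " = true\n"
```

An "unlisted" result means the article names no fixed release for that release line, so the instance needs a manual check against the vendor advisory.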
No detection signatures have been provided for these vulnerabilities, increasing the importance of timely patching and configuration hardening. Given Splunk’s widespread use in security operations and log analysis, successful exploitation could grant attackers access to highly sensitive operational and security data, making these vulnerabilities particularly critical in enterprise environments.