CVE-2026-20239

HIGH NVD

CVSS Score 7.5

Severity HIGH

Published May 20, 2026

Vendor unknown

Description

In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13, a user with a role that has access to the `_internal` index could view session cookies and response bodies that contain sensitive data.

References

https://advisory.splunk.com/advisories/SVD-2026-0503