CVE-2026-20259

MEDIUM NVD

CVSS Score 5.5

Severity MEDIUM

Published Jun 10, 2026

Vendor unknown

Description

In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.0, 10.3.2512.12, 10.2.2510.15, 10.1.2507.23, 10.0.2503.14, and 9.3.2411.131, a user who holds a Splunk role that contains the high-privilege capability `edit_saved_search_owner` could reassign saved search ownership to users outside their authorized scope. The ownership reassignment endpoint lacks access control.

References

https://advisory.splunk.com/advisories/SVD-2026-0609