Vulnerabilities ›

CVE-2026-20240

Medium

CWE-20 — Weakness Type

                    Published: May 20, 2026                      ·  Modified: May 23, 2026                      ·  Source: NVD                

CVSS v3

6.5

🔗 NVD Official

📄 Description (English)

In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.11, and 9.3.12, and Splunk Cloud Platform versions below 10.4.2603.1, 10.3.2512.9, 10.2.2510.11, 10.1.2507.21, 10.0.2503.13, and 9.3.2411.129, a low-privileged user that does not hold the ‘admin’ or ‘power’ Splunk roles could cause a Denial of Service by exploiting the `coldToFrozen.sh` script in the `splunk_archiver` app to rename critical Splunk directories, making the instance non-functional.<br><br>The Denial of Service is possible because of missing input validation in the `coldToFrozen.sh` script, which accepts arbitrary file paths and renames them without restricting operations to safe directories.

🤖 AI Executive Summary

CVE-2026-20240 affects Splunk Enterprise and Cloud Platform versions before specified patches, allowing low-privileged users to cause denial of service by exploiting missing input validation in the coldToFrozen.sh script. Attackers can rename critical Splunk directories without admin privileges, rendering instances non-functional.

📄 Description (Arabic)

يتعلق هذا الضعف بنقص التحقق من صحة الإدخال في سكريبت coldToFrozen.sh ضمن تطبيق splunk_archiver. يسمح هذا النقص للمستخدمين ذوي الامتيازات المنخفضة بتمرير مسارات ملفات عشوائية وإعادة تسمية مجلدات Splunk الحرجة. يؤدي هذا إلى رفض الخدمة وجعل مثيل Splunk غير وظيفي تماماً.

🤖 ملخص تنفيذي (AI)

CVE-2026-20240 يؤثر على إصدارات Splunk Enterprise وCloud Platform السابقة للإصدارات المصححة، مما يسمح للمستخدمين ذوي الامتيازات المنخفضة بإحداث رفض الخدمة. يمكن للمهاجمين إعادة تسمية مجلدات Splunk الحرجة دون امتيازات المسؤول، مما يجعل الحالات غير وظيفية.

🤖 AI Intelligence Analysis Analyzed: May 21, 2026 10:00

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: high

🏢 Affected Saudi Sectors

banking telecom energy government healthcare

🎯 MITRE ATT&CK Techniques

T1499.004 T1561.002 T1485

⚖️ Saudi Risk Score (AI)

7.0

/ 10.0

🔧 Remediation Steps (English)

Upgrade Splunk Enterprise to version 10.2.2, 10.0.5, 9.4.11, or 9.3.12 and later; upgrade Splunk Cloud Platform to version 10.4.2603.1, 10.3.2512.9, 10.2.2510.11, 10.1.2507.21, 10.0.2503.13, or 9.3.2411.129 and later. Implement strict access controls limiting execution of splunk_archiver app scripts to administrative users only.

🔧 خطوات المعالجة (العربية)

قم بترقية Splunk Enterprise إلى الإصدار 10.2.2 أو 10.0.5 أو 9.4.11 أو 9.3.12 وما بعده؛ قم بترقية Splunk Cloud Platform إلى الإصدارات المحددة وما بعده. تطبيق ضوابط وصول صارمة لتقييد تنفيذ سكريبتات تطبيق splunk_archiver للمستخدمين الإداريين فقط.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

A.9.2.1 A.9.2.5 A.9.4.3

🔵 SAMA CSF

CC6.1 CC6.2 CC7.2

🟡 ISO 27001:2022

27001:A.5.16 27001:A.8.1.1 27001:A.9.2.1

🔗 References & Sources 1

🔗

https://advisory.splunk.com/advisories/SVD-2026-0504

psirt@cisco.com

Vendor Advisory

📦 Affected Products / CPE 10 entries

splunk:splunk

splunk:splunk_cloud_platform

splunk:splunk_cloud_platform:10.4.2603

📊 CVSS Score

6.5

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityN — None / Network

IntegrityN — None / Network

AvailabilityH — High

📋 Quick Facts

Severity Medium

CVSS Score6.5

CWECWE-20

EPSS0.05%

Exploit No

Patch ✗ No

Published 2026-05-20

Source Feed nvd

🇸🇦 Saudi Risk Score

7.0

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-20

🏢 Vendor Advisories

🔗 https://advisory.splunk.com/advisories/SVD-2026-0504

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-20240

Introduce Yourself

Sign In Required