CVE-2023-46214 HIGH

CVE-2023-46214: Remote code execution (RCE) in Splunk Enterprise through Insecure XML Parsing

Vendor: Splunk
Product: Splunk Enterprise
Weakness: CWE-91 · XML injection
Published: November 16, 2023
Last update: December 16, 2025

CVSS base score

8.0/10
Attack vector: Network
Attack complexity: High
Privileges required: Low
User interaction: Required
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

What the vulnerability does

01 Description

In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize extensible stylesheet language transformations (XSLT) that users supply. This means that an attacker can upload malicious XSLT which can result in remote code execution on the Splunk Enterprise instance.

Key dates

02 Disclosure timeline

November 16, 2023: CVE published
December 16, 2025: Record updated