CVE-2026-20259 MEDIUM

CVE-2026-20259: Improper Access Control in Splunk Enterprise

Vendor Splunk

Product Splunk Enterprise

Weakness CWE-284

Published June 10, 2026

Last update June 10, 2026

View on NVD All CVEs

CVSS base score

5.5/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality High

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N

What the vulnerability does

01Description

In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.0, 10.3.2512.12, 10.2.2510.15, 10.1.2507.23, 10.0.2503.14, and 9.3.2411.131, a user who holds a Splunk role that contains the high-privilege capability `edit_saved_search_owner` could reassign saved search ownership to users outside their authorized scope. The ownership reassignment endpoint lacks access control.

Key dates

02Disclosure timeline

June 10, 2026 CVE published

June 10, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-20259 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/284.html

Related vulnerabilities

Identifiers

CVE CVE-2026-20259

CWE CWE-284

CVSS 5.5 / MEDIUM

Affected versions

Vendor Splunk

Product Splunk Enterprise

Affected ≥ 10.2 and < 10.2.4

Vendor Splunk

Product Splunk Enterprise

Affected ≥ 10.0 and < 10.0.7

Vendor Splunk

Product Splunk Cloud Platform

Affected ≥ 10.3.2512 and < 10.3.2512.12

Vendor Splunk

Product Splunk Cloud Platform

Affected ≥ 10.2.2510 and < 10.2.2510.15

Vendor Splunk

Product Splunk Cloud Platform

Affected ≥ 10.1.2507 and < 10.1.2507.23

Vendor Splunk

Product Splunk Cloud Platform

Affected ≥ 10.0.2503 and < 10.0.2503.14

Vendor Splunk

Product Splunk Cloud Platform

Affected ≥ 9.3.2411 and < 9.3.2411.131

CVE-2026-20259: Improper Access Control in Splunk Enterprise

01Description

02Disclosure timeline

03References

04Related CVE