PatchSiren cyber security CVE debrief
CVE-2026-20259 Splunk CVE debrief
A vulnerability exists in Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.0, 10.3.2512.12, 10.2.2510.15, 10.1.2507.23, 10.0.2503.14, and 9.3.2411.131. A user who holds a Splunk role that contains the high-privilege capability `edit_saved_search_owner` could reassign saved search ownership to users outside their authorized scope. The ownership reassignment endpoint lacks access control.
- Vendor
- Splunk
- Product
- Splunk Enterprise
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-10
- Original CVE updated
- 2026-06-12
- Advisory published
- 2026-06-10
- Advisory updated
- 2026-06-12
Who should care
Administrators and users of Splunk Enterprise and Splunk Cloud Platform, especially those with high-privilege capabilities.
Technical summary
The vulnerability is caused by a lack of access control in the ownership reassignment endpoint. This allows a user with the `edit_saved_search_owner` capability to reassign saved search ownership to users outside their authorized scope.
Defensive priority
MEDIUM
Recommended defensive actions
- Upgrade Splunk Enterprise to version 10.2.4 or later, or 10.0.7 or later.
- Upgrade Splunk Cloud Platform to version 10.4.2604.0 or later, 10.3.2512.12 or later, 10.2.2510.15 or later, 10.1.2507.23 or later, 10.0.2503.14 or later, or 9.3.2411.131 or later.
- Restrict the `edit_saved_search_owner` capability to authorized users.
Evidence notes
The CVSS score for this vulnerability is 5.5 (MEDIUM). The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N.
Official resources
-
CVE-2026-20259 CVE record
CVE.org
-
CVE-2026-20259 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
CVE-2026-20259 was published on [2026-06-10T18:16:41.503Z].