CVE-2026-20141

MEDIUM 4.3

Improper Access Control in Splunk Monitoring Console App

CVSS Score

4.3

EPSS Score

0.0%

EPSS Percentile

0th

In Splunk Enterprise versions below 10.0.2, 10.0.3, 9.4.8, and 9.3.9, a low-privileged user who does not hold the "admin" Splunk role could access the Splunk Monitoring Console App endpoints due to an improper access control. This could lead to a sensitive information disclosure.<br><br>The Monitoring Console app is a bundled app that comes with Splunk Enterprise. It is not available for download on SplunkBase, and is not installed on Splunk Cloud Platform instances. This vulnerability does not affect [Cloud Monitoring Console](https://help.splunk.com/en/splunk-cloud-platform/administer/admin-manual/10.2.2510/monitor-your-splunk-cloud-platform-deployment/introduction-to-the-cloud-monitoring-console).

CWE	CWE-200
Vendor	splunk
Product	splunk enterprise
Published	Feb 18, 2026
Last Updated	Feb 18, 2026

Stay Ahead of the Next One

Get instant alerts for splunk splunk enterprise

Be the first to know when new medium vulnerabilities affecting splunk splunk enterprise are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

Splunk / Splunk Enterprise

10.0 < 10.0.3 9.4 < 9.4.8 9.3 < 9.3.9

References

NVD ↗ CVE.org ↗ EPSS Data ↗

advisory.splunk.com: https://advisory.splunk.com/advisories/SVD-2026-0206

Credits

Mohammad Fahad Khan (fahadkhan01)