CVE-2026-20144
Sensitive Information Disclosure in ''_internal'' index in Splunk Enterprise
CVSS Score
6.8
EPSS Score
0.0%
EPSS Percentile
0th
In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.8, and 9.2.11, and Splunk Cloud Platform versions below 10.2.2510.0, 10.1.2507.11, 10.0.2503.9, and 9.3.2411.120, a user of a Splunk Search Head Cluster (SHC) deployment who holds a role with access to the the Splunk _internal index could view the Security Assertion Markup Language (SAML) configurations for Attribute query requests (AQRs) or Authentication extensions in plain text within the conf.log file, depending on which feature is configured.
| CWE | CWE-532 |
| Vendor | splunk |
| Product | splunk enterprise |
| Published | Feb 18, 2026 |
| Last Updated | Feb 26, 2026 |
Stay Ahead of the Next One
Get instant alerts for splunk splunk enterprise
Be the first to know when new medium vulnerabilities affecting splunk splunk enterprise are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
Splunk / Splunk Enterprise
10.0 < 10.0.2 9.4 < 9.4.7 9.3 < 9.3.8 9.2 < 9.2.11
Splunk / Splunk Cloud Platform
10.1.2507 < 10.1.2507.11 10.0.2503 < 10.0.2503.9 9.3.2411 < 9.3.2411.120