CVE-2026-20256

MEDIUM 5.7

Improper Input Validation through Protocol-Relative URL in Classic Dashboards in Splunk Enterprise

CVSS Score

5.7

EPSS Score

0.0%

EPSS Percentile

0th

In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could cause data exfiltration through classic dashboards by redirecting a victim to an external site using a protocol-relative URL in a drill-down link.<br><br>The vulnerability exists because the URL classifier in classic dashboards only recognizes `http://` and `https://` schemes when checking for external URLs. Protocol-relative URLs such as `//attacker.com` bypass this check entirely, and Splunk Web does not show the external-navigation warning dialog to the victim.

CWE	CWE-20
Vendor	splunk
Product	splunk enterprise
Published	Jun 10, 2026
Last Updated	Jun 10, 2026

Stay Ahead of the Next One

Get instant alerts for splunk splunk enterprise

Be the first to know when new medium vulnerabilities affecting splunk splunk enterprise are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

Splunk / Splunk Enterprise

10.2 < 10.2.4 10.0 < 10.0.7 9.4 < 9.4.12 9.3 < 9.3.13

Splunk / Splunk Cloud Platform

10.3.2512 < 10.3.2512.13 10.2.2510 < 10.2.2510.15 10.1.2507 < 10.1.2507.23 9.3.2411 < 9.3.2411.132

References

NVD ↗ CVE.org ↗ EPSS Data ↗

advisory.splunk.com: https://advisory.splunk.com/advisories/SVD-2026-0606

Credits

Tony Tong (tongster)