CVE Alert

CVE-2026-20260

MEDIUM 4.3

Log Injection through HTTP Request Paths in Splunk SOAR

CVSS Score: 4.3
EPSS Score: 0.0%
EPSS Percentile: 0th

In Splunk SOAR (Security Orchestration, Automation, and Response) versions below 8.5.0, an unauthenticated attacker could inject American National Standards Institute (ANSI) escape codes into SOAR application log files through specially crafted HTTP request paths, which a terminal emulator might interpret when an administrator views the logs.

The injection is possible because SOAR does not strip control characters from HTTP request paths before writing them to application logs.
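The missing control-character handling described above can be illustrated with a small log-hygiene helper. This is an added example, not Splunk's code or its fix; the function names, the sample paths and the assumption that a path may reach the logger percent-decoded are all hypothetical.

```python
import re
from urllib.parse import unquote

# C0 controls (incl. ESC 0x1b, CR, LF), DEL, and C1 controls (incl. CSI 0x9b).
_CONTROL = re.compile(r"[\x00-\x1f\x7f-\x9f]")


def neutralize(text: str) -> str:
    """Replace each control character with a visible \\xNN escape.

    The bytes stay readable as evidence, but a terminal no longer acts on them.
    """
    return _CONTROL.sub(lambda m: "\\x%02x" % ord(m.group()), text)


def log_safe_path(raw_path: str) -> str:
    """Return a request path that is safe to write into a log line.

    Assumption: the path may be percent-decoded before it is logged, so decode
    once and neutralize afterwards; otherwise %1b would slip through as ESC.
    """
    return neutralize(unquote(raw_path, errors="replace"))


def flag_lines(lines):
    """Yield (line_number, neutralized_line) for log lines holding control chars."""
    for number, line in enumerate(lines, 1):
        body = line.rstrip("\n")
        if _CONTROL.search(body):
            yield number, neutralize(body)


# Constructed sample data, not taken from a real SOAR log.
SAMPLE_LOG = [
    "GET /example/status 200\n",
    "GET /example/\x1b[31mstatus 404\n",
]

if __name__ == "__main__":
    print(log_safe_path("/example/%1b[31mstatus"))
    for number, line in flag_lines(SAMPLE_LOG):
        print(number, line)
```

`flag_lines` can be run over logs written before an upgrade to find entries that should only be read through a viewer that does not interpret escape sequences.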

CWE: CWE-117
Vendor: splunk
Product: splunk soar
Published: Jun 10, 2026
Last Updated: Jun 10, 2026

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: None
Integrity: Low
Availability: None

Affected Versions

Splunk / Splunk SOAR
8.5 < 8.5.0

References

advisory.splunk.com: https://advisory.splunk.com/advisories/SVD-2026-0611

Credits

STÖK / Fredrik Alexandersson