CVE-2026-20297
Path Traversal through 'explicit_appname' in the App Install REST Endpoint in Splunk Enterprise
CVSS Score
7.2
EPSS Score
0.0%
EPSS Percentile
0th
In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, 9.4.13, and 9.3.14, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.6, 10.2.2510.18, and 10.1.2507.24, a user who holds a role that contains the `edit_local_apps` and `install_apps` capabilities could cause a legitimate app installation to write files outside the intended app directory, into `$SPLUNK_HOME/etc/` and its subdirectories.<br><br>The vulnerability is caused by a path traversal in the app installation workflow, which does not restrict the installation path to the intended app directory.
| CWE | CWE-22 |
| Vendor | splunk |
| Product | splunk enterprise |
| Published | Jul 15, 2026 |
| Last Updated | Jul 16, 2026 |
Stay Ahead of the Next One
Get instant alerts for splunk splunk enterprise
Be the first to know when new high vulnerabilities affecting splunk splunk enterprise are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
Splunk / Splunk Enterprise
10.4 < 10.4.1 10.2 < 10.2.5 10.0 < 10.0.8 9.4 < 9.4.13 9.3 < 9.3.14
Splunk / Splunk Cloud Platform
10.5.2605 < 10.5.2605.0 10.4.2604 < 10.4.2604.6 10.2.2510 < 10.2.2510.18 10.1.2507 < 10.1.2507.24
References
Credits
Vinay Manivel, Splunk