CVE-2026-20298
Sensitive Information Disclosure through the storage/passwords REST Endpoint in Splunk Enterprise
CVSS Score
5.3
EPSS Score
0.0%
EPSS Percentile
0th
In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.6, 10.3.2512.15, 10.2.2510.18, and 10.1.2507.24, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could view stored credential hashes when they access the `/servicesNS/-/-/storage/passwords` REST endpoint through the `|rest` Search Processing Language (SPL) command.<br><br>The exposure happens because the `|rest` SPL command returns the `encr_password` field in the results of the `/servicesNS/-/-/storage/passwords` REST endpoint.
| CWE | CWE-200 |
| Vendor | splunk |
| Product | splunk enterprise |
| Published | Jul 15, 2026 |
| Last Updated | Jul 16, 2026 |
Stay Ahead of the Next One
Get instant alerts for splunk splunk enterprise
Be the first to know when new medium vulnerabilities affecting splunk splunk enterprise are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
Splunk / Splunk Enterprise
10.4 < 10.4.1 10.2 < 10.2.5 10.0 < 10.0.8 9.4 < 9.4.13
Splunk / Splunk Cloud Platform
10.5.2605 < 10.5.2605.0 10.4.2604 < 10.4.2604.6 10.3.2512 < 10.3.2512.15 10.2.2510 < 10.2.2510.18 10.1.2507 < 10.1.2507.24