In Splunk Enterprise versions below 10.2.1, 10.0.5, 9.4...
High severity
Unreviewed
Published
Apr 15, 2026
to the GitHub Advisory Database
Description
Published by the National Vulnerability Database
Apr 15, 2026
Published to the GitHub Advisory Database
Apr 15, 2026
In Splunk Enterprise versions below 10.2.1, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.5, 10.2.2510.9, 10.1.2507.19, 10.0.2503.13, and 9.3.2411.127, a low-privileged user that does not hold the
adminorpowerSplunk roles could potentially perform a Remote Code Execution (RCE) by uploading a malicious file to the$SPLUNK_HOME/var/run/splunk/apptempdirectory due to improper handling and insufficient isolation of temporary files within theapptempdirectory.References