Vulnerability Details CVE-2026-20141
In Splunk Enterprise versions below 10.0.2, 10.0.3, 9.4.8, and 9.3.9, a low-privileged user who does not hold the "admin" Splunk role could access the Splunk Monitoring Console App endpoints due to an improper access control. This could lead to a sensitive information disclosure.<br><br>The Monitoring Console app is a bundled app that comes with Splunk Enterprise. It is not available for download on SplunkBase, and is not installed on Splunk Cloud Platform instances. This vulnerability does not affect [Cloud Monitoring Console](https://help.splunk.com/en/splunk-cloud-platform/administer/admin-manual/10.2.2510/monitor-your-splunk-cloud-platform-deployment/introduction-to-the-cloud-monitoring-console).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 8.0%
CVSS Severity
CVSS v3 Score 4.3
Products affected by CVE-2026-20141
-
cpe:2.3:a:splunk:splunk:10.0.0
-
cpe:2.3:a:splunk:splunk:10.0.1
-
cpe:2.3:a:splunk:splunk:10.0.2
-
cpe:2.3:a:splunk:splunk:9.3.0
-
cpe:2.3:a:splunk:splunk:9.3.1
-
cpe:2.3:a:splunk:splunk:9.3.2
-
cpe:2.3:a:splunk:splunk:9.3.3
-
cpe:2.3:a:splunk:splunk:9.3.4
-
cpe:2.3:a:splunk:splunk:9.3.5
-
cpe:2.3:a:splunk:splunk:9.3.6
-
cpe:2.3:a:splunk:splunk:9.3.7
-
cpe:2.3:a:splunk:splunk:9.3.8
-
cpe:2.3:a:splunk:splunk:9.4.0
-
cpe:2.3:a:splunk:splunk:9.4.1
-
cpe:2.3:a:splunk:splunk:9.4.2
-
cpe:2.3:a:splunk:splunk:9.4.3
-
cpe:2.3:a:splunk:splunk:9.4.4
-
cpe:2.3:a:splunk:splunk:9.4.5
-
cpe:2.3:a:splunk:splunk:9.4.6
-
cpe:2.3:a:splunk:splunk:9.4.7