VYPR
Unrated severityNVD Advisory· Published Nov 16, 2023· Updated Dec 16, 2025

Remote code execution (RCE) in Splunk Enterprise through Insecure XML Parsing

CVE-2023-46214

Description

In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize extensible stylesheet language transformations (XSLT) that users supply. This means that an attacker can upload malicious XSLT which can result in remote code execution on the Splunk Enterprise instance.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.