Unrated severity · NVD Advisory · Published Nov 16, 2023 · Updated Dec 16, 2025
Remote code execution (RCE) in Splunk Enterprise through Insecure XML Parsing
CVE-2023-46214
Description
In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize extensible stylesheet language transformations (XSLT) that users supply. This means that an attacker can upload malicious XSLT which can result in remote code execution on the Splunk Enterprise instance.
Affected products (3)
- (no CPE) range: <9.0.7, <9.1.2
- (no CPE) range: 9.0
- Range: -