Unrated severityNVD Advisory· Published Feb 18, 2026· Updated Feb 18, 2026

Risky Commands Safeguards Bypass through preloaded Data Models due to Path Traversal vulnerability in Splunk Enterprise

CVE-2026-20137

Description

In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.5, 9.3.7, and 9.2.9, and Splunk Cloud Platform versions below 10.1.2507.0, 10.0.2503.9, 9.3.2411.112, and 9.3.2408.122, a low-privileged user who does not hold the "admin" or "power" Splunk roles could bypass the SPL safeguards for risky commands when they create a Data Model that contains an injected SPL query within an object. They can bypass the safeguards by exploiting a path traversal vulnerability.

Affected products

Splunk/Splunk Cloud Platformllm-fuzzy
Range: <9.3.2408.122, <9.3.2411.112, <10.0.2503.9, <10.1.2507.0
Splunk/Splunk Enterprisellm-fuzzy
Range: <9.2.9, <9.3.7, <9, <9.4.5, <10.0.3, <10.2.0
Splunk/Splunk Cloud Platformv5
Range: 10.1.2507
Splunk/Splunk Enterprisev5
Range: 10.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

advisory.splunk.com/advisories/SVD-2026-0202mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000