Unrated severityNVD Advisory· Published Feb 18, 2026· Updated Feb 26, 2026

Sensitive Information Disclosure in ''_internal'' index in Splunk Enterprise

CVE-2026-20144

Description

In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.8, and 9.2.11, and Splunk Cloud Platform versions below 10.2.2510.0, 10.1.2507.11, 10.0.2503.9, and 9.3.2411.120, a user of a Splunk Search Head Cluster (SHC) deployment who holds a role with access to the the Splunk _internal index could view the Security Assertion Markup Language (SAML) configurations for Attribute query requests (AQRs) or Authentication extensions in plain text within the conf.log file, depending on which feature is configured.

Affected products

Splunk/Splunk Enterprisellm-fuzzy
Range: <9.2.11, <9.3.8, <9.4.7, <10.0.2, <10.2.0
Splunk/Splunk Cloud Platformv5
Range: 10.1.2507
Splunk/Splunk Enterprisev5
Range: 10.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

advisory.splunk.com/advisories/SVD-2026-0209mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000