Unrated severityNVD Advisory· Published Feb 18, 2026· Updated Feb 26, 2026
Sensitive Information Disclosure in ''_internal'' index in Splunk Enterprise
CVE-2026-20144
Description
In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.8, and 9.2.11, and Splunk Cloud Platform versions below 10.2.2510.0, 10.1.2507.11, 10.0.2503.9, and 9.3.2411.120, a user of a Splunk Search Head Cluster (SHC) deployment who holds a role with access to the the Splunk _internal index could view the Security Assertion Markup Language (SAML) configurations for Attribute query requests (AQRs) or Authentication extensions in plain text within the conf.log file, depending on which feature is configured.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3<9.2.11, <9.3.8, <9.4.7, <10.0.2, <10.2.0+ 1 more
- (no CPE)range: <9.2.11, <9.3.8, <9.4.7, <10.0.2, <10.2.0
- (no CPE)range: 10.0
- Range: 10.1.2507
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.