Unrated severityNVD Advisory· Published Mar 11, 2026· Updated Mar 12, 2026

Sensitive Information Disclosure in Discover Splunk Observability Cloud app for Splunk Enterprise

CVE-2026-20166

Description

In Splunk Enterprise versions below 10.2.1 and 10.0.4, and Splunk Cloud Platform versions below 10.2.2510.5, 10.1.2507.16, and 10.0.2503.12, a low-privileged user that does not hold the "admin" or "power" Splunk roles could retrieve the Observability Cloud API access token through the Discover Splunk Observability Cloud app due to improper access control.

This vulnerability does not affect Splunk Enterprise versions below 9.4.9 and 9.3.10 because the Discover Splunk Observability Cloud app does not come with Splunk Enterprise.

Affected products

Splunk/Discover Splunk Observability Cloudllm-create
Splunk/Splunk Cloud Platformllm-fuzzy
Range: < 10.2.2510.5, < 10.1.2507.16, < 10.0.2503.12
Splunk/Splunk Enterprisellm-fuzzy
Range: < 9.4.9 and < 9.3.10
Splunk/Splunk Cloud Platformv5
Range: 10.2.2510
Splunk/Splunk Enterprisev5
Range: 10.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

advisory.splunk.com/advisories/SVD-2026-0305mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000