High severity7.5NVD Advisory· Published May 20, 2026· Updated May 21, 2026
CVE-2026-20239
CVE-2026-20239
Description
In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13, a user with a role that has access to the _internal index could view session cookies and response bodies that contain sensitive data.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*range: >=10.0.2503,<10.0.2503.13
- (no CPE)range: <10.3.2512.8, <10.2.2510.11, <10.1.2507.21, <10.0.2503.13
- Range: <10.2.2 and <10.0.5
Patches
Vulnerability mechanics
References
1- advisory.splunk.com/advisories/SVD-2026-0503nvdVendor Advisory
News mentions
1- ⚡ Weekly Recap: Linux Flaws, Defender 0-Days, Router Botnets, and Supply Chain ChaosThe Hacker News · May 25, 2026