CVE-2026-20240
Description
In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.11, and 9.3.12, and Splunk Cloud Platform versions below 10.4.2603.1, 10.3.2512.9, 10.2.2510.11, 10.1.2507.21, 10.0.2503.13, and 9.3.2411.129, a low-privileged user that does not hold the ‘admin’ or ‘power’ Splunk roles could cause a Denial of Service by exploiting the coldToFrozen.sh script in the splunk_archiver app to rename critical Splunk directories, making the instance non-functional.The Denial of Service is possible because of missing input validation in the coldToFrozen.sh script, which accepts arbitrary file paths and renames them without restricting operations to safe directories.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
5cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*range: >=9.3.2411,<9.3.2411.129
- cpe:2.3:a:splunk:splunk_cloud_platform:10.4.2603:*:*:*:*:*:*:*
- (no CPE)range: <10.4.2603.1, <10.3.2512.9, <10.2.2510.11, <10.1.2507.21, <10.0.2503.13, <9.3.2411.129
- Range: <10.2.2, <10.0.5, <9.4.11, <9.3.12
Patches
Vulnerability mechanics
References
1- advisory.splunk.com/advisories/SVD-2026-0504nvdVendor Advisory
News mentions
0No linked articles in our index yet.