Improper Access Control in Data Model Acceleration in Splunk Enterprise

Description

In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.6, 10.2.2510.10, 10.1.2507.19, 10.0.2503.13, and 9.3.2411.127, a low-privileged user that does not hold the `admin` or `power` Splunk roles, has write permission on the app, and does not hold the high-privilege capability `accelerate_datamodel`, could turn on or off Data Model Acceleration due to improper access control.

Affected Products

Vendor	Product	Versions
splunk	splunk enterpri	10.2, 10.0, 9.4, 9.3, 10.4.2603, 10.3.2512, 10.2.2510, 10.1.2507, 10.0.2503, 9.3.2411

References

https://advisory.splunk.com/advisories/SVD-2026-0402

Related News (1 articles)

Tier C

VulDB8h ago

CVE-2026-20203 | Splunk Enterprise/Cloud Platform accelerate_datamodel access control (SVD-2026-0402)

→ No new info (linked only)

Improper Access Control in Data Model Acceleration in Splunk Enterprise

Description

Affected Products

References

Related News (1 articles)

Community Vote

Related CVEs (5)

Pin to Dashboard

Verification

Vulnerability Timeline

Version History