Zero Day MonitorZDM

← Back to list

4.3

CVE-2026-20260EXPLOITEDPATCHED

splunk · splunk soar

Log Injection through HTTP Request Paths in Splunk SOAR

Description

In Splunk SOAR (Security Orchestration, Automation, and Response) versions below 8.5.0, an unauthenticated attacker could inject American National Standards Institute (ANSI) escape codes into SOAR application log files through specially crafted HTTP request paths, which a terminal emulator might interpret when an administrator views the logs.<br><br>The injection is possible because SOAR does not strip control characters from HTTP request paths before writing them to application logs.

Affected Products

Vendor	Product	Versions
splunk	splunk soar	8.5, 8.4

References

https://advisory.splunk.com/advisories/SVD-2026-0611

Related News (1 articles)

Tier C

VulDB5h ago

CVE-2026-20260 | Splunk SOAR up to 8.4.x HTTP neutralization for logs (SVD-2026-0611)

→ No new info (linked only)

CVSS 3.14.3 HIGH

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

8.5.0

CWECWE-117

PublishedJun 10, 2026

Last enriched5h agov2

Trending Score46

Source articles1

Independent1

Info Completeness9/14

Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2026-20251EXP

Remote Code Execution through Deserialization of Untrusted Data in Splunk Secure Gateway

CRITICALCVE-2026-20254EXP

Information Disclosure through External Content Restriction Bypass in Splunk Enterprise

CRITICALCVE-2026-20252EXP

Server-Side Request Forgery (SSRF) through Dashboard Studio PDF Export in Splunk Enterprise

CRITICALCVE-2026-20259EXP

Improper Access Control in Splunk Enterprise

HIGHCVE-2026-20256EXP

Improper Input Validation through Protocol-Relative URL in Classic Dashboards in Splunk Enterprise

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Jun 10, 2026

Discovered by ZDM

Jun 10, 2026

Actively Exploited

Jun 10, 2026

Patch Available

Jun 10, 2026

Updated: affectedVersions, severity, activelyExploited

Jun 10, 2026

Version History

v2

Last enriched 5h ago

v2Tier C5h ago

Updated affected versions to include 8.4, changed severity to HIGH, and marked the vulnerability as actively exploited.

affectedVersionsseverityactivelyExploited

via VulDB

v17h ago

Initial creation