CVE-2026-20202 · CVSS 6.6 · EXPLOITED · PATCHED
splunk · splunk enterpri

Improper Input Validation during User Account Creation in Splunk Enterprise

Description

In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.6, 10.2.2510.10, 10.1.2507.20, 10.0.2503.13, and 9.3.2411.127, a user who holds a role that contains the high-privilege capability `edit_user` could create a specially crafted username that includes a null byte or a non-UTF-8 percent-encoded byte due to improper input validation.

This could lead to inconsistent conversion of usernames into a proper format for storage and account management inconsistencies, such as being unable to edit or delete affected users.

Affected Products

| Vendor | Product | Versions |
|--------|---------|----------|
| splunk | splunk enterpri | 10.2, 10.0, 9.4, 9.3, 10.4.2603, 10.3.2512, 10.2.2510, 10.1.2507, 10.0.2503, 9.3.2411 |

References

  • https://advisory.splunk.com/advisories/SVD-2026-0401

Related News (1 article)

Tier C · VulDB · 6h ago
CVE-2026-20202 | Splunk Enterprise/Cloud Platform Username edit_user unicode encoding (SVD-2026-0401)
→ No new info (linked only)
CVSS 3.1: 6.6 MEDIUM
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA KEV: ❌ No
Actively exploited: ✅ Yes
Patch available: 10.2.2, 10.0.5, 9.4.10, 9.3.11, Not Affected, 10.3.2512.6, 10.2.2510.10, 10.1.2507.20, 10.0.2503.13, 9.3.2411.127
CWE: CWE-176
Published: Apr 15, 2026
Last enriched: 6h ago (v2)
Trending Score: 47
Source articles: 1
Independent: 1
Info Completeness: 9/14
Missing: epss, kev, exploit, iocs, mitre_attack

Related CVEs (5)

  • HIGH · CVE-2026-20205 · EXP
    Sensitive Information Disclosure in '_internal' index in Splunk MCP Server app
    Trending: 51
  • HIGH · CVE-2026-20204 · EXP
    Improper Handling and Insufficient Isolation of Specific Temporary Files in Splunk Enterprise
    Trending: 50
  • MEDIUM · CVE-2026-20203 · EXP
    Improper Access Control in Data Model Acceleration in Splunk Enterprise
    Trending: 42
  • PRE-CVE
    Multiple vulnerabilities in Splunk products
    Trending: 20
  • MEDIUM · CVE-2026-20144
In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.8, and 9.2.11, and Splunk Cloud Platform versions below 10.2.2510.0, 10.1.2507.11, 10.0.2503.9, and 9.3.2411.120, a user of a Splunk Sear

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

  • CVE Published: Apr 15, 2026
  • Discovered by ZDM: Apr 15, 2026
  • Updated (description, severity, activelyExploited): Apr 15, 2026
  • Actively Exploited: Apr 15, 2026
  • Patch Available: Apr 15, 2026

Version History

v2 · Tier C · 6h ago

Updated severity to CRITICAL, marked as actively exploited, and provided a new description with details about the vulnerability.

Fields changed: description, severity, activelyExploited
via VulDB

v1 · 7h ago

Initial creation