Zero Day MonitorZDM

← Back to list

4.3

CVE-2026-20203EXPLOITEDPATCHED

splunk · splunk enterpri

Improper Access Control in Data Model Acceleration in Splunk Enterprise

Description

In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.6, 10.2.2510.10, 10.1.2507.19, 10.0.2503.13, and 9.3.2411.127, a low-privileged user that does not hold the `admin` or `power` Splunk roles, has write permission on the app, and does not hold the high-privilege capability `accelerate_datamodel`, could turn on or off Data Model Acceleration due to improper access control.

Affected Products

Vendor	Product	Versions
splunk	splunk enterpri	10.2, 10.0, 9.4, 9.3, 10.4.2603, 10.3.2512, 10.2.2510, 10.1.2507, 10.0.2503, 9.3.2411

References

https://advisory.splunk.com/advisories/SVD-2026-0402

Related News (1 articles)

Tier C

VulDB6h ago

CVE-2026-20203 | Splunk Enterprise/Cloud Platform accelerate_datamodel access control (SVD-2026-0402)

→ No new info (linked only)

CVSS 3.14.3 MEDIUM

VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

10.2.210.0.59.4.109.3.11Not Affected10.3.2512.610.2.2510.1010.1.2507.1910.0.2503.139.3.2411.127

CWECWE-284

PublishedApr 15, 2026

Last enriched5h agov2

Trending Score42

Source articles1

Independent1

Info Completeness9/14

Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-20205EXP

Sensitive Information Disclosure in ''_internal'' index in Splunk MCP Server app

HIGHCVE-2026-20204EXP

Improper Handling and Insufficient Isolation of Specific Temporary Files in Splunk Enterprise

MEDIUMCVE-2026-20202EXP

Improper Input Validation during User Account Creation in Splunk Enterprise

Multiple vulnerabilities in Splunk products

MEDIUMCVE-2026-20144

In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.8, and 9.2.11, and Splunk Cloud Platform versions below 10.2.2510.0, 10.1.2507.11, 10.0.2503.9, and 9.3.2411.120, a user of a Splunk Sear

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 15, 2026

Discovered by ZDM

Apr 15, 2026

Updated: severity, activelyExploited

Apr 15, 2026

Actively Exploited

Apr 15, 2026

Patch Available

Apr 15, 2026

Version History

v2

Last enriched 5h ago

v2Tier C5h ago

Updated severity to CRITICAL, marked as actively exploited, and noted that no exploit is available.

severityactivelyExploited

via VulDB

v17h ago

Initial creation