CVE-2026-20144

← CVEs

MED 6.8

Published

2026-02-18

Last Modified

2026-02-23

Affected Apps

Affected Devices

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.8, and 9.2.11, and Splunk Cloud Platform versions below 10.2.2510.0, 10.1.2507.11, 10.0.2503.9, and 9.3.2411.120, a user of a Splunk Search Head Cluster (SHC) deployment who holds a role with access to the the Splunk _internal index could view the Security Assertion Markup Language (SAML) configurations for Attribute query requests (AQRs) or Authentication extensions in plain text within the conf.log file, depending on which feature is configured.

Affected Applications in Environment 5

1 device

1 device

2 devices

1 device

Universal Forwarder v9.2.2.0

10 devices

Affected Devices 15

ARSUTLGU3FP2 Windows ARSUTLGU3MUSEUM Windows ARSUTLGU4000052 Windows ARSUTLGU4BOMBUS Windows ARSUTLGU4FRR037 Windows ARSUTLGU4FRRGEO Windows ARSUTLGU4OPTI4 Windows ARSUTLGU5DYKH9N Windows ARSUTLGU5FRR032 Windows ARSUTLGU5ITSPEC Windows DPEXAN-5CD017CV Windows DPHSNG-34Y86X3 Windows DPMATH-C11312G9 Windows FL217-2-ADOTTER Windows MICHELLEUSUHP Windows

References 1

https://advisory.splunk.com/advisories/SVD-2026-0209