SB2026021957 - Splunk Universal Forwarder update for node.js

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2026021957

SB2026021957 - Splunk Universal Forwarder update for node.js

Published: February 19, 2026

Security Bulletin ID SB2026021957
Severity
Medium
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 67% Low 33%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) Out-of-bounds write (CVE-ID: CVE-2025-9230)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when trying to decrypt CMS messages encrypted using password based encryption. A remote attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.

Successful exploitation of the vulnerability requires that password based (PWRI) encryption support in CMS messages is enabled. 


2) Improper error handling (CVE-ID: CVE-2025-23166)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect error handling in async cryptographic operations within the SignTraits::DeriveBits() function. A remote attacker can send specially crafted input to the application can crash the Node.js runtime.


3) Path traversal (CVE-ID: CVE-2025-27210)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to input validation error when processing directory traversal sequences affecting Windows device names like CON, PRN, and AUX. A local user can escalate privileges on the system.

Note, this vulnerability exists due to incomplete fix for #VU103223 (CVE-2025-23084).


Remediation

Install update from vendor's website.

References