SB2026041756 - Multiple vulnerabilities in Splunk Enterprise




Published: April 17, 2026

Security Bulletin ID: SB2026041756
Severity: Low
Patch available: YES
Number of vulnerabilities: 2
Exploitation vector: Remote access
Highest impact: Data manipulation

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 2 security vulnerabilities.


1) Improper Handling of Unicode Encoding (CVE-ID: CVE-2026-20202)

The vulnerability allows a remote user to cause account management inconsistencies.

The vulnerability exists due to improper input validation in the REST API user account creation functionality when processing specially crafted usernames containing a null byte or a non-UTF-8 percent-encoded byte. A remote privileged user can create a specially crafted username to cause account management inconsistencies.

Affected accounts may become impossible to edit or delete.
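
A defensive check for the username condition described above, as an added example that is not Splunk's or this bulletin's code: it flags percent-encoded usernames that decode to a null byte or to bytes that are not valid UTF-8. The function names and the sample usernames are constructed for illustration.

```python
from urllib.parse import unquote_to_bytes

# Constructed sample usernames, as they might appear percent-encoded in a
# request body or access log. None are taken from the bulletin.
SAMPLE_USERNAMES = [
    "alice",
    "jos%C3%A9",        # valid UTF-8 (é)
    "svc%00backup",     # decodes to a null byte
    "ops%ffteam",       # 0xFF is never valid in UTF-8
    "trunc%C3",         # truncated two-byte sequence
]


def classify_username(raw: str) -> str:
    """Return 'ok', 'null-byte' or 'non-utf8' for a percent-encoded username."""
    try:
        # surrogateescape restores raw bytes if the text was read from a log
        # with errors="surrogateescape".
        data = unquote_to_bytes(raw.encode("utf-8", "surrogateescape"))
    except UnicodeEncodeError:
        return "non-utf8"
    if b"\x00" in data:
        return "null-byte"
    try:
        data.decode("utf-8")  # strict: rejects overlong and truncated forms
    except UnicodeDecodeError:
        return "non-utf8"
    return "ok"


def audit_usernames(names):
    """Map each suspicious username to the reason it was flagged."""
    flagged = {}
    for name in names:
        verdict = classify_username(name)
        if verdict != "ok":
            flagged[name] = verdict
    return flagged


if __name__ == "__main__":
    for name, reason in audit_usernames(SAMPLE_USERNAMES).items():
        print(f"{name!r}: {reason}")
```

The same classification can be run over an export of existing account names to find entries that may need vendor-supported cleanup after patching.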


2) Improper access control (CVE-ID: CVE-2026-20203)

The vulnerability allows a remote user to modify Data Model Acceleration settings.

The vulnerability exists due to improper access control in the REST API when handling requests to turn Data Model Acceleration on or off. A remote user can send a request that enables or disables Data Model Acceleration, thereby modifying Data Model Acceleration settings.

Exploitation requires write permission on the app; the user does not need the accelerate_datamodel capability or the admin or power Splunk roles.


Remediation

Install the update from the vendor's website.