SB2026061255 - Log injection in Splunk SOAR




Published: June 12, 2026

Security Bulletin ID: SB2026061255
CSH Severity: Low
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Data manipulation

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 1 vulnerability.


1) Improper Output Neutralization for Logs (CVE-ID: CVE-2026-20260)

CWE-ID: CWE-117 - Improper Output Neutralization for Logs

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to inject ANSI escape codes into application log files.

The vulnerability exists due to improper output neutralization for logs in HTTP request path handling. A remote attacker can send a specially crafted HTTP request path to inject ANSI escape codes into application log files.

Exploitation requires user interaction: an administrator must view the logs in a terminal emulator that interprets the injected escape codes.
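The following is an added example, not vendor code or part of the original bulletin. It shows the general CWE-117 mitigation (neutralizing control characters in a request path before it is written to a log) and a scan for escape sequences in logs that were already written. The function names, the log line layout and the sample lines are assumptions constructed for illustration and do not reflect Splunk SOAR's actual log format.

```python
import re

# Characters a terminal may act on: C0 controls (including ESC, 0x1b, and
# newlines), DEL, and the C1 controls 0x80-0x9f (including 8-bit CSI, 0x9b).
_CONTROL = re.compile(r"[\x00-\x1f\x7f-\x9f]")

# Escape sequences as defined by ECMA-48, most specific alternative first.
_ESCAPE_SEQ = re.compile(
    r"\x1b\[[0-?]*[ -/]*[@-~]"                # CSI: ESC [ params final-byte
    r"|\x1b\][^\x07\x1b]*(?:\x07|\x1b\\)?"    # OSC: ESC ] ... BEL or ST
    r"|\x9b[0-?]*[ -/]*[@-~]"                 # 8-bit CSI
    r"|\x1b[@-Z\\^_]"                         # other two-character escapes
    r"|\x1b"                                  # lone or truncated ESC
)

def neutralize_for_log(value):
    """Replace each control character with a visible \\xNN form before logging."""
    return _CONTROL.sub(lambda m: "\\x%02x" % ord(m.group()), value)

def find_escape_sequences(line):
    """Return the escape sequences found in a log line, in neutralized form."""
    return [neutralize_for_log(m.group()) for m in _ESCAPE_SEQ.finditer(line)]

def scan_log(lines):
    """Return (line_number, sequences) for every line carrying escape sequences."""
    return [(n, hits) for n, line in enumerate(lines, 1)
            if (hits := find_escape_sequences(line))]

# Constructed sample log lines (hypothetical layout); the second carries a
# harmless colour-change sequence inside the request path.
SAMPLE_LOG = [
    '203.0.113.7 "GET /rest/version HTTP/1.1" 200',
    '203.0.113.7 "GET /rest/\x1b[31mcolored\x1b[0m HTTP/1.1" 404',
]

if __name__ == "__main__":
    for number, sequences in scan_log(SAMPLE_LOG):
        print(number, sequences, neutralize_for_log(SAMPLE_LOG[number - 1]))
```

Until the update is installed, passing existing log files through a filter such as `neutralize_for_log` before displaying them keeps the terminal emulator from interpreting any sequences already recorded.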


Remediation

Install the update from the vendor's website.